Bug#932131: vlc: CVE-2019-13602

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#932131: vlc: CVE-2019-13602
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 15 Jul 2019 19:12:34 +0200
Message-id: <[🔎] 156321075476.1627.7690928641993458171.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 932131@bugs.debian.org

Source: vlc
Version: 3.0.7.1-1
Severity: important
Tags: security upstream
Control: found -1 3.0.7-1
Control: found -1 3.0.7-0+deb9u1

Hi,

The following vulnerability was published for vlc.

CVE-2019-13602[0]:
| An Integer Underflow in MP4_EIA608_Convert() in
| modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1
| allows remote attackers to cause a denial of service (heap-based
| buffer overflow and crash) or possibly have unspecified other impact
| via a crafted .mp4 file.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13602
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13602

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Processed: vlc: CVE-2019-13602
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#932131: marked as done (vlc: CVE-2019-13602)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: mpd-sima_0.15.1-2_source.changes ACCEPTED into unstable
Next by Date: Processed: vlc: CVE-2019-13602
Previous by thread: mpd-sima_0.15.1-2_source.changes ACCEPTED into unstable
Next by thread: Processed: vlc: CVE-2019-13602
Index(es):
- Date
- Thread