FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vlc heap-based buffer overflow

Affected packages
vlc < 3.0.11,4


VuXML ID 77896891-b08a-11ea-937b-b42e99a1b9c3
Discovery 2020-05-27
Entry 2020-06-17

Thomas Guillem reports:

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.


CVE Name CVE-2020-13428