Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-14437 (GCVE-0-2019-14437)
Vulnerability from cvelistv5 – Published: 2019-08-29 17:30 – Updated: 2024-08-05 00:19
VLAI?
EPSS
Summary
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:19:41.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
},
{
"name": "DSA-4504",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4504"
},
{
"name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/36"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.videolan.org/security/sb-vlc308.html"
},
{
"name": "GLSA-201909-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201909-02"
},
{
"name": "USN-4131-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4131-1/"
},
{
"name": "openSUSE-SU-2020:0545",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
},
{
"name": "openSUSE-SU-2020:0562",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T11:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
},
{
"name": "DSA-4504",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4504"
},
{
"name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/36"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.videolan.org/security/sb-vlc308.html"
},
{
"name": "GLSA-201909-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201909-02"
},
{
"name": "USN-4131-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4131-1/"
},
{
"name": "openSUSE-SU-2020:0545",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
},
{
"name": "openSUSE-SU-2020:0562",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
},
{
"name": "DSA-4504",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4504"
},
{
"name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/36"
},
{
"name": "https://www.videolan.org/security/sb-vlc308.html",
"refsource": "CONFIRM",
"url": "https://www.videolan.org/security/sb-vlc308.html"
},
{
"name": "GLSA-201909-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201909-02"
},
{
"name": "USN-4131-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4131-1/"
},
{
"name": "openSUSE-SU-2020:0545",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
},
{
"name": "openSUSE-SU-2020:0562",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14437",
"datePublished": "2019-08-29T17:30:37",
"dateReserved": "2019-07-29T00:00:00",
"dateUpdated": "2024-08-05T00:19:41.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E70E115F-4E34-4944-BFB6-F523B54FC328\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n xiph_SplitHeaders en el archivo modules/demux/xiph.h en VideoLAN VLC media player versi\\u00f3n 3.0.7.1, no comprueba los l\\u00edmites de la matriz apropiadamente. Como resultado, puede ser activada una lectura excesiva del b\\u00fafer en la regi\\u00f3n heap de la memoria por medio de un archivo .ogg dise\\u00f1ado.\"}]",
"id": "CVE-2019-14437",
"lastModified": "2024-11-21T04:26:44.633",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-08-29T18:15:12.127",
"references": "[{\"url\": \"http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Aug/36\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201909-02\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/4131-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4504\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.videolan.org/security/sb-vlc308.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Aug/36\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201909-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/4131-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4504\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.videolan.org/security/sb-vlc308.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}, {\"lang\": \"en\", \"value\": \"CWE-129\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-14437\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-08-29T18:15:12.127\",\"lastModified\":\"2024-11-21T04:26:44.633\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n xiph_SplitHeaders en el archivo modules/demux/xiph.h en VideoLAN VLC media player versi\u00f3n 3.0.7.1, no comprueba los l\u00edmites de la matriz apropiadamente. Como resultado, puede ser activada una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria por medio de un archivo .ogg dise\u00f1ado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-129\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70E115F-4E34-4944-BFB6-F523B54FC328\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/36\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201909-02\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4131-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4504\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.videolan.org/security/sb-vlc308.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/36\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201909-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4131-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4504\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.videolan.org/security/sb-vlc308.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
FKIE_CVE-2019-14437
Vulnerability from fkie_nvd - Published: 2019-08-29 18:15 - Updated: 2024-11-21 04:26
Severity ?
Summary
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| videolan | vlc_media_player | 3.0.7.1 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E70E115F-4E34-4944-BFB6-F523B54FC328",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file."
},
{
"lang": "es",
"value": "La funci\u00f3n xiph_SplitHeaders en el archivo modules/demux/xiph.h en VideoLAN VLC media player versi\u00f3n 3.0.7.1, no comprueba los l\u00edmites de la matriz apropiadamente. Como resultado, puede ser activada una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria por medio de un archivo .ogg dise\u00f1ado."
}
],
"id": "CVE-2019-14437",
"lastModified": "2024-11-21T04:26:44.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-29T18:15:12.127",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/36"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201909-02"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4131-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4504"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.videolan.org/security/sb-vlc308.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201909-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4131-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.videolan.org/security/sb-vlc308.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-129"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-9529-V6M3-M9F6
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2022-05-24 16:55
VLAI?
Details
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.
{
"affected": [],
"aliases": [
"CVE-2019-14437"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-29T18:15:00Z",
"severity": "HIGH"
},
"details": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.",
"id": "GHSA-9529-v6m3-m9f6",
"modified": "2022-05-24T16:55:11Z",
"published": "2022-05-24T16:55:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14437"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Aug/36"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201909-02"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4131-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4504"
},
{
"type": "WEB",
"url": "https://www.videolan.org/security/sb-vlc308.html"
},
{
"type": "WEB",
"url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2019-14437
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-14437",
"description": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.",
"id": "GSD-2019-14437",
"references": [
"https://www.suse.com/security/cve/CVE-2019-14437.html",
"https://www.debian.org/security/2019/dsa-4504",
"https://ubuntu.com/security/CVE-2019-14437",
"https://advisories.mageia.org/CVE-2019-14437.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-14437"
],
"details": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.",
"id": "GSD-2019-14437",
"modified": "2023-12-13T01:23:52.581307Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
},
{
"name": "DSA-4504",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4504"
},
{
"name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/36"
},
{
"name": "https://www.videolan.org/security/sb-vlc308.html",
"refsource": "CONFIRM",
"url": "https://www.videolan.org/security/sb-vlc308.html"
},
{
"name": "GLSA-201909-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201909-02"
},
{
"name": "USN-4131-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4131-1/"
},
{
"name": "openSUSE-SU-2020:0545",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
},
{
"name": "openSUSE-SU-2020:0562",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14437"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-129"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.videolan.org/security/sb-vlc308.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.videolan.org/security/sb-vlc308.html"
},
{
"name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
"refsource": "BUGTRAQ",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/36"
},
{
"name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
},
{
"name": "DSA-4504",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4504"
},
{
"name": "GLSA-201909-02",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201909-02"
},
{
"name": "USN-4131-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4131-1/"
},
{
"name": "openSUSE-SU-2020:0545",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
},
{
"name": "openSUSE-SU-2020:0562",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-08-24T17:37Z",
"publishedDate": "2019-08-29T18:15Z"
}
}
}
OPENSUSE-SU-2020:0562-1
Vulnerability from csaf_opensuse - Published: 2020-04-29 06:03 - Updated: 2020-04-29 06:03Summary
Security update for vlc
Notes
Title of the patch
Security update for vlc
Description of the patch
This update for vlc fixes the following issues:
vlc was updated to version 3.0.9.2:
+ Misc: Properly bump the version in configure.ac.
Changes from version 3.0.9.1:
+ Misc: Fix VLSub returning 401 for earch request.
Changes from version 3.0.9:
+ Core: Work around busy looping when playing an invalid item
through VLM.
+ Access:
* Multiple dvdread and dvdnav crashs fixes
* Fixed DVD glitches on clip change
* Fixed dvdread commands/data sequence inversion in some cases causing
unwanted glitches
* Better handling of authored as corrupted DVD
* Added libsmb2 support for SMB2/3 shares
+ Demux:
* Fix TTML entities not passed to decoder
* Fixed some WebVTT styling tags being not applied
* Misc raw H264/HEVC frame rate fixes
* Fix adaptive regression on TS format change (mostly HLS)
* Fixed MP4 regression with twos/sowt PCM audio
* Fixed some MP4 raw quicktime and ms-PCM audio
* Fixed MP4 interlacing handling
* Multiple adaptive stack (DASH/HLS/Smooth) fixes
* Enabled Live seeking for HLS
* Fixed seeking in some cases for HLS
* Improved Live playback for Smooth and DASH
* Fixed adaptive unwanted end of stream in some cases
* Faster adaptive start and new buffering control options
+ Packetizers:
* Fixes H264/HEVC incomplete draining in some cases
* packetizer_helper: Fix potential trailing junk on last packet
* Added missing drain in packetizers that was causing missing
last frame or audio
* Improved check to prevent fLAC synchronization drops
+ Decoder:
* avcodec: revector video decoder to fix incomplete drain
* spudec: implemented palette updates, fixing missing subtitles
on some DVD
* Fixed WebVTT CSS styling not being applied on Windows/macOS
* Fixed Hebrew teletext pages support in zvbi
* Fixed Dav1d aborting decoding on corrupted picture
* Extract and display of all CEA708 subtitles
* Update libfaad to 2.9.1
* Add DXVA support for VP9 Profile 2 (10 bits)
* Mediacodec aspect ratio with Amazon devices
+ Audio output:
* Added support for iOS audiounit audio above 48KHz
* Added support for amem audio up to 384KHz
+ Video output:
* Fix for opengl glitches in some drivers
* Fix GMA950 opengl support on macOS
* YUV to RGB StretchRect fixes with NVIDIA drivers
* Use libpacebo new tone mapping desaturation algorithm
+ Text renderer:
* Fix crashes on macOS with SSA/ASS subtitles containing emoji
* Fixed unwanted growing background in Freetype rendering and Y padding
+ Mux: Fixed some YUV mappings
+ Service Discovery: Update libmicrodns to 0.1.2.
+ Misc:
* Update YouTube, SoundCloud and Vocaroo scripts: this restores
playback of YouTube URLs.
* Add missing .wpl & .zpl file associations on Windows
* Improved chromecast audio quality
Update to version 3.0.8 'vetinari':
+ Fix stuttering for low framerate videos
+ Improve adaptive streaming
+ Improve audio output for external audio devices on macOS/iOS
+ Fix hardware acceleration with Direct3D11 for some AMD drivers
+ Fix WebVTT subtitles rendering
+ Vetinari is a major release changing a lot in the media engine of VLC.
It is one of the largest release we've ever done.
Notably, it:
- activates hardware decoding on all platforms, of H.264 & H.265, 8 & 10bits,
allowing 4K60 or even 8K decoding with little CPU consumption,
- merges all the code from the mobile ports into the same codebase with
common numbering and releases,
- supports 360 video and 3D audio, and prepares for VR content,
- supports direct HDR and HDR tone-mapping,
- updates the audio passthrough for HD Audio codecs,
- allows browsing of local network drives like SMB, FTP, SFTP, NFS...
- stores the passwords securely,
- brings a new subtitle rendering engine, supporting ComplexTextLayout
and font fallback to support multiple languages and fonts,
- supports ChromeCast with the new renderer framework,
- adds support for numerous new formats and codecs, including WebVTT,
AV1, TTML, HQX, 708, Cineform, and many more,
- improves Bluray support with Java menus, aka BD-J,
- updates the macOS interface with major cleaning and improvements,
- support HiDPI UI on Windows, with the switch to Qt5,
- prepares the experimental support for Wayland on Linux, and
switches to OpenGL by default on Linux.
+ Security fixes included:
* Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
* Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
* Fix a read buffer overflow in the FAAD decoder
* Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
* Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
* Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
* Fix a use after free in the ASF demuxer (CVE-2019-14533)
* Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
* Fix a null dereference in the dvdnav demuxer
* Fix a null dereference in the ASF demuxer (CVE-2019-14534)
* Fix a null dereference in the AVI demuxer
* Fix a division by zero in the CAF demuxer (CVE-2019-14498)
* Fix a division by zero in the ASF demuxer (CVE-2019-14535)
- Disbale mod-plug for the time being: libmodplug 0.8.9 is not yet available.
- Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around some
image loading libraries (libpng, libjpeg, ...) which are either wrapped
by vlc itself (libpng_plugin.so) or via libavcodec (libavcodec_plugin.so).
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames
openSUSE-2020-562
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vlc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vlc fixes the following issues:\n\nvlc was updated to version 3.0.9.2:\n\n+ Misc: Properly bump the version in configure.ac.\n\nChanges from version 3.0.9.1:\n\n+ Misc: Fix VLSub returning 401 for earch request.\n\nChanges from version 3.0.9:\n\n+ Core: Work around busy looping when playing an invalid item\n through VLM.\n+ Access:\n * Multiple dvdread and dvdnav crashs fixes\n * Fixed DVD glitches on clip change\n * Fixed dvdread commands/data sequence inversion in some cases causing\n unwanted glitches\n * Better handling of authored as corrupted DVD\n * Added libsmb2 support for SMB2/3 shares\n+ Demux:\n * Fix TTML entities not passed to decoder\n * Fixed some WebVTT styling tags being not applied\n * Misc raw H264/HEVC frame rate fixes\n * Fix adaptive regression on TS format change (mostly HLS)\n * Fixed MP4 regression with twos/sowt PCM audio\n * Fixed some MP4 raw quicktime and ms-PCM audio\n * Fixed MP4 interlacing handling\n * Multiple adaptive stack (DASH/HLS/Smooth) fixes\n * Enabled Live seeking for HLS\n * Fixed seeking in some cases for HLS\n * Improved Live playback for Smooth and DASH\n * Fixed adaptive unwanted end of stream in some cases\n * Faster adaptive start and new buffering control options\n+ Packetizers:\n * Fixes H264/HEVC incomplete draining in some cases\n * packetizer_helper: Fix potential trailing junk on last packet\n * Added missing drain in packetizers that was causing missing\n last frame or audio\n * Improved check to prevent fLAC synchronization drops\n+ Decoder:\n * avcodec: revector video decoder to fix incomplete drain\n * spudec: implemented palette updates, fixing missing subtitles\n on some DVD\n * Fixed WebVTT CSS styling not being applied on Windows/macOS\n * Fixed Hebrew teletext pages support in zvbi\n * Fixed Dav1d aborting decoding on corrupted picture\n * Extract and display of all CEA708 subtitles\n * Update libfaad to 2.9.1\n * Add DXVA support for VP9 Profile 2 (10 bits)\n * Mediacodec aspect ratio with Amazon devices\n+ Audio output:\n * Added support for iOS audiounit audio above 48KHz\n * Added support for amem audio up to 384KHz\n+ Video output:\n * Fix for opengl glitches in some drivers\n * Fix GMA950 opengl support on macOS\n * YUV to RGB StretchRect fixes with NVIDIA drivers\n * Use libpacebo new tone mapping desaturation algorithm\n+ Text renderer:\n * Fix crashes on macOS with SSA/ASS subtitles containing emoji\n * Fixed unwanted growing background in Freetype rendering and Y padding\n+ Mux: Fixed some YUV mappings\n+ Service Discovery: Update libmicrodns to 0.1.2.\n+ Misc:\n * Update YouTube, SoundCloud and Vocaroo scripts: this restores\n playback of YouTube URLs.\n * Add missing .wpl \u0026 .zpl file associations on Windows\n * Improved chromecast audio quality\n\nUpdate to version 3.0.8 \u0027vetinari\u0027:\n\n+ Fix stuttering for low framerate videos\n+ Improve adaptive streaming\n+ Improve audio output for external audio devices on macOS/iOS\n+ Fix hardware acceleration with Direct3D11 for some AMD drivers\n+ Fix WebVTT subtitles rendering\n+ Vetinari is a major release changing a lot in the media engine of VLC.\n It is one of the largest release we\u0027ve ever done.\n Notably, it:\n - activates hardware decoding on all platforms, of H.264 \u0026 H.265, 8 \u0026 10bits,\n allowing 4K60 or even 8K decoding with little CPU consumption,\n - merges all the code from the mobile ports into the same codebase with\n common numbering and releases,\n - supports 360 video and 3D audio, and prepares for VR content,\n - supports direct HDR and HDR tone-mapping,\n - updates the audio passthrough for HD Audio codecs,\n - allows browsing of local network drives like SMB, FTP, SFTP, NFS...\n - stores the passwords securely,\n - brings a new subtitle rendering engine, supporting ComplexTextLayout\n and font fallback to support multiple languages and fonts,\n - supports ChromeCast with the new renderer framework,\n - adds support for numerous new formats and codecs, including WebVTT,\n AV1, TTML, HQX, 708, Cineform, and many more,\n - improves Bluray support with Java menus, aka BD-J,\n - updates the macOS interface with major cleaning and improvements,\n - support HiDPI UI on Windows, with the switch to Qt5,\n - prepares the experimental support for Wayland on Linux, and\n switches to OpenGL by default on Linux.\n+ Security fixes included:\n * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)\n * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)\n * Fix a read buffer overflow in the FAAD decoder\n * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)\n * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)\n * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)\n * Fix a use after free in the ASF demuxer (CVE-2019-14533)\n * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)\n * Fix a null dereference in the dvdnav demuxer\n * Fix a null dereference in the ASF demuxer (CVE-2019-14534)\n * Fix a null dereference in the AVI demuxer\n * Fix a division by zero in the CAF demuxer (CVE-2019-14498)\n * Fix a division by zero in the ASF demuxer (CVE-2019-14535)\n- Disbale mod-plug for the time being: libmodplug 0.8.9 is not yet available.\n\n- Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around some\n image loading libraries (libpng, libjpeg, ...) which are either wrapped\n by vlc itself (libpng_plugin.so) or via libavcodec (libavcodec_plugin.so).\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-562",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0562-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0562-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ONU7H5UORTQ2UM2HDIPLR7AOGTPENU4H/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0562-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ONU7H5UORTQ2UM2HDIPLR7AOGTPENU4H/"
},
{
"category": "self",
"summary": "SUSE Bug 1142161",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "self",
"summary": "SUSE Bug 1146428",
"url": "https://bugzilla.suse.com/1146428"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13602 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13962 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14437 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14438 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14498 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14533 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14534 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14534/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14535 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14535/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14776 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14777 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14778 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14970 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14970/"
}
],
"title": "Security update for vlc",
"tracking": {
"current_release_date": "2020-04-29T06:03:33Z",
"generator": {
"date": "2020-04-29T06:03:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0562-1",
"initial_release_date": "2020-04-29T06:03:33Z",
"revision_history": [
{
"date": "2020-04-29T06:03:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"product": {
"name": "vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"product_id": "vlc-lang-3.0.9.2-bp151.5.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"product": {
"name": "libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"product_id": "libvlc5-3.0.9.2-bp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"product": {
"name": "libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"product_id": "libvlccore9-3.0.9.2-bp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-3.0.9.2-bp151.5.6.1.x86_64",
"product": {
"name": "vlc-3.0.9.2-bp151.5.6.1.x86_64",
"product_id": "vlc-3.0.9.2-bp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"product": {
"name": "vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"product_id": "vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"product": {
"name": "vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"product_id": "vlc-devel-3.0.9.2-bp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"product": {
"name": "vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"product_id": "vlc-jack-3.0.9.2-bp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"product": {
"name": "vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"product_id": "vlc-noX-3.0.9.2-bp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"product": {
"name": "vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"product_id": "vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"product": {
"name": "vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"product_id": "vlc-qt-3.0.9.2-bp151.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64",
"product": {
"name": "vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64",
"product_id": "vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64"
},
"product_reference": "libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64"
},
"product_reference": "libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64"
},
"product_reference": "vlc-3.0.9.2-bp151.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64"
},
"product_reference": "vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64"
},
"product_reference": "vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64"
},
"product_reference": "vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.9.2-bp151.5.6.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch"
},
"product_reference": "vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64"
},
"product_reference": "vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64"
},
"product_reference": "vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64"
},
"product_reference": "vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
},
"product_reference": "vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13602"
}
],
"notes": [
{
"category": "general",
"text": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13602",
"url": "https://www.suse.com/security/cve/CVE-2019-13602"
},
{
"category": "external",
"summary": "SUSE Bug 1141522 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1141522"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-29T06:03:33Z",
"details": "important"
}
],
"title": "CVE-2019-13602"
},
{
"cve": "CVE-2019-13962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13962"
}
],
"notes": [
{
"category": "general",
"text": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13962",
"url": "https://www.suse.com/security/cve/CVE-2019-13962"
},
{
"category": "external",
"summary": "SUSE Bug 1142161 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-29T06:03:33Z",
"details": "critical"
}
],
"title": "CVE-2019-13962"
},
{
"cve": "CVE-2019-14437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14437"
}
],
"notes": [
{
"category": "general",
"text": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14437",
"url": "https://www.suse.com/security/cve/CVE-2019-14437"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14437",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-29T06:03:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-14437"
},
{
"cve": "CVE-2019-14438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14438"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14438",
"url": "https://www.suse.com/security/cve/CVE-2019-14438"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14438",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-29T06:03:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-14438"
},
{
"cve": "CVE-2019-14498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14498"
}
],
"notes": [
{
"category": "general",
"text": "A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14498",
"url": "https://www.suse.com/security/cve/CVE-2019-14498"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14498",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-29T06:03:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-14498"
},
{
"cve": "CVE-2019-14533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14533"
}
],
"notes": [
{
"category": "general",
"text": "The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14533",
"url": "https://www.suse.com/security/cve/CVE-2019-14533"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14533",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-29T06:03:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-14533"
},
{
"cve": "CVE-2019-14534",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14534"
}
],
"notes": [
{
"category": "general",
"text": "In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14534",
"url": "https://www.suse.com/security/cve/CVE-2019-14534"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14534",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-29T06:03:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-14534"
},
{
"cve": "CVE-2019-14535",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14535"
}
],
"notes": [
{
"category": "general",
"text": "A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14535",
"url": "https://www.suse.com/security/cve/CVE-2019-14535"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14535",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-29T06:03:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-14535"
},
{
"cve": "CVE-2019-14776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14776"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14776",
"url": "https://www.suse.com/security/cve/CVE-2019-14776"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14776",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-29T06:03:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-14776"
},
{
"cve": "CVE-2019-14777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14777"
}
],
"notes": [
{
"category": "general",
"text": "The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14777",
"url": "https://www.suse.com/security/cve/CVE-2019-14777"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14777",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-29T06:03:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-14777"
},
{
"cve": "CVE-2019-14778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14778"
}
],
"notes": [
{
"category": "general",
"text": "The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14778",
"url": "https://www.suse.com/security/cve/CVE-2019-14778"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14778",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-29T06:03:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-14778"
},
{
"cve": "CVE-2019-14970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14970"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14970",
"url": "https://www.suse.com/security/cve/CVE-2019-14970"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14970",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-29T06:03:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-14970"
}
]
}
OPENSUSE-SU-2024:11502-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libvlc5-3.0.16-1.5 on GA media
Notes
Title of the patch
libvlc5-3.0.16-1.5 on GA media
Description of the patch
These are all security issues fixed in the libvlc5-3.0.16-1.5 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11502
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libvlc5-3.0.16-1.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libvlc5-3.0.16-1.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11502",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11502-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10699 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9300 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19857 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13602 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13962 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14437 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14498 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14533 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14534 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14534/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14535 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14535/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14776 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14777 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14970 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5439 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5460 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13428 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26664 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26664/"
}
],
"title": "libvlc5-3.0.16-1.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11502-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libvlc5-3.0.16-1.5.aarch64",
"product": {
"name": "libvlc5-3.0.16-1.5.aarch64",
"product_id": "libvlc5-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.16-1.5.aarch64",
"product": {
"name": "libvlccore9-3.0.16-1.5.aarch64",
"product_id": "libvlccore9-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-3.0.16-1.5.aarch64",
"product_id": "vlc-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"product_id": "vlc-codec-gstreamer-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-devel-3.0.16-1.5.aarch64",
"product_id": "vlc-devel-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-jack-3.0.16-1.5.aarch64",
"product_id": "vlc-jack-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-lang-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-lang-3.0.16-1.5.aarch64",
"product_id": "vlc-lang-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-noX-3.0.16-1.5.aarch64",
"product_id": "vlc-noX-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-opencv-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-opencv-3.0.16-1.5.aarch64",
"product_id": "vlc-opencv-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-qt-3.0.16-1.5.aarch64",
"product_id": "vlc-qt-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-vdpau-3.0.16-1.5.aarch64",
"product_id": "vlc-vdpau-3.0.16-1.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libvlc5-3.0.16-1.5.ppc64le",
"product": {
"name": "libvlc5-3.0.16-1.5.ppc64le",
"product_id": "libvlc5-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.16-1.5.ppc64le",
"product": {
"name": "libvlccore9-3.0.16-1.5.ppc64le",
"product_id": "libvlccore9-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-3.0.16-1.5.ppc64le",
"product_id": "vlc-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"product_id": "vlc-codec-gstreamer-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-devel-3.0.16-1.5.ppc64le",
"product_id": "vlc-devel-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-jack-3.0.16-1.5.ppc64le",
"product_id": "vlc-jack-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-lang-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-lang-3.0.16-1.5.ppc64le",
"product_id": "vlc-lang-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-noX-3.0.16-1.5.ppc64le",
"product_id": "vlc-noX-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-opencv-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-opencv-3.0.16-1.5.ppc64le",
"product_id": "vlc-opencv-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-qt-3.0.16-1.5.ppc64le",
"product_id": "vlc-qt-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-vdpau-3.0.16-1.5.ppc64le",
"product_id": "vlc-vdpau-3.0.16-1.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libvlc5-3.0.16-1.5.s390x",
"product": {
"name": "libvlc5-3.0.16-1.5.s390x",
"product_id": "libvlc5-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.16-1.5.s390x",
"product": {
"name": "libvlccore9-3.0.16-1.5.s390x",
"product_id": "libvlccore9-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-3.0.16-1.5.s390x",
"product": {
"name": "vlc-3.0.16-1.5.s390x",
"product_id": "vlc-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.16-1.5.s390x",
"product": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.s390x",
"product_id": "vlc-codec-gstreamer-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.16-1.5.s390x",
"product": {
"name": "vlc-devel-3.0.16-1.5.s390x",
"product_id": "vlc-devel-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.16-1.5.s390x",
"product": {
"name": "vlc-jack-3.0.16-1.5.s390x",
"product_id": "vlc-jack-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-lang-3.0.16-1.5.s390x",
"product": {
"name": "vlc-lang-3.0.16-1.5.s390x",
"product_id": "vlc-lang-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.16-1.5.s390x",
"product": {
"name": "vlc-noX-3.0.16-1.5.s390x",
"product_id": "vlc-noX-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-opencv-3.0.16-1.5.s390x",
"product": {
"name": "vlc-opencv-3.0.16-1.5.s390x",
"product_id": "vlc-opencv-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.16-1.5.s390x",
"product": {
"name": "vlc-qt-3.0.16-1.5.s390x",
"product_id": "vlc-qt-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.16-1.5.s390x",
"product": {
"name": "vlc-vdpau-3.0.16-1.5.s390x",
"product_id": "vlc-vdpau-3.0.16-1.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libvlc5-3.0.16-1.5.x86_64",
"product": {
"name": "libvlc5-3.0.16-1.5.x86_64",
"product_id": "libvlc5-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.16-1.5.x86_64",
"product": {
"name": "libvlccore9-3.0.16-1.5.x86_64",
"product_id": "libvlccore9-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-3.0.16-1.5.x86_64",
"product_id": "vlc-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"product_id": "vlc-codec-gstreamer-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-devel-3.0.16-1.5.x86_64",
"product_id": "vlc-devel-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-jack-3.0.16-1.5.x86_64",
"product_id": "vlc-jack-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-lang-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-lang-3.0.16-1.5.x86_64",
"product_id": "vlc-lang-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-noX-3.0.16-1.5.x86_64",
"product_id": "vlc-noX-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-opencv-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-opencv-3.0.16-1.5.x86_64",
"product_id": "vlc-opencv-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-qt-3.0.16-1.5.x86_64",
"product_id": "vlc-qt-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-vdpau-3.0.16-1.5.x86_64",
"product_id": "vlc-vdpau-3.0.16-1.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64"
},
"product_reference": "libvlc5-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le"
},
"product_reference": "libvlc5-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x"
},
"product_reference": "libvlc5-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64"
},
"product_reference": "libvlc5-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64"
},
"product_reference": "libvlccore9-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le"
},
"product_reference": "libvlccore9-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x"
},
"product_reference": "libvlccore9-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64"
},
"product_reference": "libvlccore9-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x"
},
"product_reference": "vlc-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x"
},
"product_reference": "vlc-codec-gstreamer-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-devel-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-devel-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x"
},
"product_reference": "vlc-devel-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-devel-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-jack-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-jack-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x"
},
"product_reference": "vlc-jack-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-jack-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-lang-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-lang-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x"
},
"product_reference": "vlc-lang-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-lang-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-noX-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-noX-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x"
},
"product_reference": "vlc-noX-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-noX-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-opencv-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-opencv-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-opencv-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-opencv-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-opencv-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x"
},
"product_reference": "vlc-opencv-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-opencv-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-opencv-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-qt-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-qt-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x"
},
"product_reference": "vlc-qt-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-qt-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-vdpau-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-vdpau-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x"
},
"product_reference": "vlc-vdpau-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-vdpau-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10699"
}
],
"notes": [
{
"category": "general",
"text": "avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10699",
"url": "https://www.suse.com/security/cve/CVE-2017-10699"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-10699"
},
{
"cve": "CVE-2017-9300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9300"
}
],
"notes": [
{
"category": "general",
"text": "plugins\\codec\\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9300",
"url": "https://www.suse.com/security/cve/CVE-2017-9300"
},
{
"category": "external",
"summary": "SUSE Bug 1041907 for CVE-2017-9300",
"url": "https://bugzilla.suse.com/1041907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-9300"
},
{
"cve": "CVE-2018-19857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19857"
}
],
"notes": [
{
"category": "general",
"text": "The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19857",
"url": "https://www.suse.com/security/cve/CVE-2018-19857"
},
{
"category": "external",
"summary": "SUSE Bug 1118586 for CVE-2018-19857",
"url": "https://bugzilla.suse.com/1118586"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-19857"
},
{
"cve": "CVE-2019-13602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13602"
}
],
"notes": [
{
"category": "general",
"text": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13602",
"url": "https://www.suse.com/security/cve/CVE-2019-13602"
},
{
"category": "external",
"summary": "SUSE Bug 1141522 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1141522"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-13602"
},
{
"cve": "CVE-2019-13962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13962"
}
],
"notes": [
{
"category": "general",
"text": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13962",
"url": "https://www.suse.com/security/cve/CVE-2019-13962"
},
{
"category": "external",
"summary": "SUSE Bug 1142161 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-13962"
},
{
"cve": "CVE-2019-14437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14437"
}
],
"notes": [
{
"category": "general",
"text": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14437",
"url": "https://www.suse.com/security/cve/CVE-2019-14437"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14437",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14437"
},
{
"cve": "CVE-2019-14498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14498"
}
],
"notes": [
{
"category": "general",
"text": "A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14498",
"url": "https://www.suse.com/security/cve/CVE-2019-14498"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14498",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14498"
},
{
"cve": "CVE-2019-14533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14533"
}
],
"notes": [
{
"category": "general",
"text": "The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14533",
"url": "https://www.suse.com/security/cve/CVE-2019-14533"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14533",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14533"
},
{
"cve": "CVE-2019-14534",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14534"
}
],
"notes": [
{
"category": "general",
"text": "In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14534",
"url": "https://www.suse.com/security/cve/CVE-2019-14534"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14534",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14534"
},
{
"cve": "CVE-2019-14535",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14535"
}
],
"notes": [
{
"category": "general",
"text": "A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14535",
"url": "https://www.suse.com/security/cve/CVE-2019-14535"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14535",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14535"
},
{
"cve": "CVE-2019-14776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14776"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14776",
"url": "https://www.suse.com/security/cve/CVE-2019-14776"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14776",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14776"
},
{
"cve": "CVE-2019-14777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14777"
}
],
"notes": [
{
"category": "general",
"text": "The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14777",
"url": "https://www.suse.com/security/cve/CVE-2019-14777"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14777",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14777"
},
{
"cve": "CVE-2019-14970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14970"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14970",
"url": "https://www.suse.com/security/cve/CVE-2019-14970"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14970",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14970"
},
{
"cve": "CVE-2019-5439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5439"
}
],
"notes": [
{
"category": "general",
"text": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5439",
"url": "https://www.suse.com/security/cve/CVE-2019-5439"
},
{
"category": "external",
"summary": "SUSE Bug 1138354 for CVE-2019-5439",
"url": "https://bugzilla.suse.com/1138354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5439"
},
{
"cve": "CVE-2019-5460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5460"
}
],
"notes": [
{
"category": "general",
"text": "Double Free in VLC versions \u003c= 3.0.6 leads to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5460",
"url": "https://www.suse.com/security/cve/CVE-2019-5460"
},
{
"category": "external",
"summary": "SUSE Bug 1143547 for CVE-2019-5460",
"url": "https://bugzilla.suse.com/1143547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5460"
},
{
"cve": "CVE-2020-13428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13428"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13428",
"url": "https://www.suse.com/security/cve/CVE-2020-13428"
},
{
"category": "external",
"summary": "SUSE Bug 1172727 for CVE-2020-13428",
"url": "https://bugzilla.suse.com/1172727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-13428"
},
{
"cve": "CVE-2020-26664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26664"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26664",
"url": "https://www.suse.com/security/cve/CVE-2020-26664"
},
{
"category": "external",
"summary": "SUSE Bug 1180755 for CVE-2020-26664",
"url": "https://bugzilla.suse.com/1180755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26664"
}
]
}
OPENSUSE-SU-2020:0545-1
Vulnerability from csaf_opensuse - Published: 2020-04-23 08:12 - Updated: 2020-04-23 08:12Summary
Security update for vlc
Notes
Title of the patch
Security update for vlc
Description of the patch
This update for vlc fixes the following issues:
vlc was updated to version 3.0.9.2:
+ Misc: Properly bump the version in configure.ac.
Changes from version 3.0.9.1:
+ Misc: Fix VLSub returning 401 for earch request.
Changes from version 3.0.9:
+ Core: Work around busy looping when playing an invalid item
through VLM.
+ Access:
* Multiple dvdread and dvdnav crashs fixes
* Fixed DVD glitches on clip change
* Fixed dvdread commands/data sequence inversion in some cases causing
unwanted glitches
* Better handling of authored as corrupted DVD
* Added libsmb2 support for SMB2/3 shares
+ Demux:
* Fix TTML entities not passed to decoder
* Fixed some WebVTT styling tags being not applied
* Misc raw H264/HEVC frame rate fixes
* Fix adaptive regression on TS format change (mostly HLS)
* Fixed MP4 regression with twos/sowt PCM audio
* Fixed some MP4 raw quicktime and ms-PCM audio
* Fixed MP4 interlacing handling
* Multiple adaptive stack (DASH/HLS/Smooth) fixes
* Enabled Live seeking for HLS
* Fixed seeking in some cases for HLS
* Improved Live playback for Smooth and DASH
* Fixed adaptive unwanted end of stream in some cases
* Faster adaptive start and new buffering control options
+ Packetizers:
* Fixes H264/HEVC incomplete draining in some cases
* packetizer_helper: Fix potential trailing junk on last packet
* Added missing drain in packetizers that was causing missing
last frame or audio
* Improved check to prevent fLAC synchronization drops
+ Decoder:
* avcodec: revector video decoder to fix incomplete drain
* spudec: implemented palette updates, fixing missing subtitles
on some DVD
* Fixed WebVTT CSS styling not being applied on Windows/macOS
* Fixed Hebrew teletext pages support in zvbi
* Fixed Dav1d aborting decoding on corrupted picture
* Extract and display of all CEA708 subtitles
* Update libfaad to 2.9.1
* Add DXVA support for VP9 Profile 2 (10 bits)
* Mediacodec aspect ratio with Amazon devices
+ Audio output:
* Added support for iOS audiounit audio above 48KHz
* Added support for amem audio up to 384KHz
+ Video output:
* Fix for opengl glitches in some drivers
* Fix GMA950 opengl support on macOS
* YUV to RGB StretchRect fixes with NVIDIA drivers
* Use libpacebo new tone mapping desaturation algorithm
+ Text renderer:
* Fix crashes on macOS with SSA/ASS subtitles containing emoji
* Fixed unwanted growing background in Freetype rendering and Y padding
+ Mux: Fixed some YUV mappings
+ Service Discovery: Update libmicrodns to 0.1.2.
+ Misc:
* Update YouTube, SoundCloud and Vocaroo scripts: this restores
playback of YouTube URLs.
* Add missing .wpl & .zpl file associations on Windows
* Improved chromecast audio quality
Update to version 3.0.8 'vetinari':
+ Fix stuttering for low framerate videos
+ Improve adaptive streaming
+ Improve audio output for external audio devices on macOS/iOS
+ Fix hardware acceleration with Direct3D11 for some AMD drivers
+ Fix WebVTT subtitles rendering
+ Vetinari is a major release changing a lot in the media engine of VLC.
It is one of the largest release we've ever done.
Notably, it:
- activates hardware decoding on all platforms, of H.264 & H.265, 8 & 10bits,
allowing 4K60 or even 8K decoding with little CPU consumption,
- merges all the code from the mobile ports into the same codebase with
common numbering and releases,
- supports 360 video and 3D audio, and prepares for VR content,
- supports direct HDR and HDR tone-mapping,
- updates the audio passthrough for HD Audio codecs,
- allows browsing of local network drives like SMB, FTP, SFTP, NFS...
- stores the passwords securely,
- brings a new subtitle rendering engine, supporting ComplexTextLayout
and font fallback to support multiple languages and fonts,
- supports ChromeCast with the new renderer framework,
- adds support for numerous new formats and codecs, including WebVTT,
AV1, TTML, HQX, 708, Cineform, and many more,
- improves Bluray support with Java menus, aka BD-J,
- updates the macOS interface with major cleaning and improvements,
- support HiDPI UI on Windows, with the switch to Qt5,
- prepares the experimental support for Wayland on Linux, and
switches to OpenGL by default on Linux.
+ Security fixes included:
* Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
* Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
* Fix a read buffer overflow in the FAAD decoder
* Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
* Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
* Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
* Fix a use after free in the ASF demuxer (CVE-2019-14533)
* Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
* Fix a null dereference in the dvdnav demuxer
* Fix a null dereference in the ASF demuxer (CVE-2019-14534)
* Fix a null dereference in the AVI demuxer
* Fix a division by zero in the CAF demuxer (CVE-2019-14498)
* Fix a division by zero in the ASF demuxer (CVE-2019-14535)
- Disbale mod-plug for the time being: libmodplug 0.8.9 is not yet available.
- Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around some
image loading libraries (libpng, libjpeg, ...) which are either wrapped
by vlc itself (libpng_plugin.so) or via libavcodec (libavcodec_plugin.so).
Patchnames
openSUSE-2020-545
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vlc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vlc fixes the following issues:\n\nvlc was updated to version 3.0.9.2:\n\n+ Misc: Properly bump the version in configure.ac.\n\nChanges from version 3.0.9.1:\n\n+ Misc: Fix VLSub returning 401 for earch request.\n\nChanges from version 3.0.9:\n\n+ Core: Work around busy looping when playing an invalid item\n through VLM.\n+ Access:\n * Multiple dvdread and dvdnav crashs fixes\n * Fixed DVD glitches on clip change\n * Fixed dvdread commands/data sequence inversion in some cases causing\n unwanted glitches\n * Better handling of authored as corrupted DVD\n * Added libsmb2 support for SMB2/3 shares\n+ Demux:\n * Fix TTML entities not passed to decoder\n * Fixed some WebVTT styling tags being not applied\n * Misc raw H264/HEVC frame rate fixes\n * Fix adaptive regression on TS format change (mostly HLS)\n * Fixed MP4 regression with twos/sowt PCM audio\n * Fixed some MP4 raw quicktime and ms-PCM audio\n * Fixed MP4 interlacing handling\n * Multiple adaptive stack (DASH/HLS/Smooth) fixes\n * Enabled Live seeking for HLS\n * Fixed seeking in some cases for HLS\n * Improved Live playback for Smooth and DASH\n * Fixed adaptive unwanted end of stream in some cases\n * Faster adaptive start and new buffering control options\n+ Packetizers:\n * Fixes H264/HEVC incomplete draining in some cases\n * packetizer_helper: Fix potential trailing junk on last packet\n * Added missing drain in packetizers that was causing missing\n last frame or audio\n * Improved check to prevent fLAC synchronization drops\n+ Decoder:\n * avcodec: revector video decoder to fix incomplete drain\n * spudec: implemented palette updates, fixing missing subtitles\n on some DVD\n * Fixed WebVTT CSS styling not being applied on Windows/macOS\n * Fixed Hebrew teletext pages support in zvbi\n * Fixed Dav1d aborting decoding on corrupted picture\n * Extract and display of all CEA708 subtitles\n * Update libfaad to 2.9.1\n * Add DXVA support for VP9 Profile 2 (10 bits)\n * Mediacodec aspect ratio with Amazon devices\n+ Audio output:\n * Added support for iOS audiounit audio above 48KHz\n * Added support for amem audio up to 384KHz\n+ Video output:\n * Fix for opengl glitches in some drivers\n * Fix GMA950 opengl support on macOS\n * YUV to RGB StretchRect fixes with NVIDIA drivers\n * Use libpacebo new tone mapping desaturation algorithm\n+ Text renderer:\n * Fix crashes on macOS with SSA/ASS subtitles containing emoji\n * Fixed unwanted growing background in Freetype rendering and Y padding\n+ Mux: Fixed some YUV mappings\n+ Service Discovery: Update libmicrodns to 0.1.2.\n+ Misc:\n * Update YouTube, SoundCloud and Vocaroo scripts: this restores\n playback of YouTube URLs.\n * Add missing .wpl \u0026 .zpl file associations on Windows\n * Improved chromecast audio quality\n\nUpdate to version 3.0.8 \u0027vetinari\u0027:\n\n+ Fix stuttering for low framerate videos\n+ Improve adaptive streaming\n+ Improve audio output for external audio devices on macOS/iOS\n+ Fix hardware acceleration with Direct3D11 for some AMD drivers\n+ Fix WebVTT subtitles rendering\n+ Vetinari is a major release changing a lot in the media engine of VLC.\n It is one of the largest release we\u0027ve ever done.\n Notably, it:\n - activates hardware decoding on all platforms, of H.264 \u0026 H.265, 8 \u0026 10bits,\n allowing 4K60 or even 8K decoding with little CPU consumption,\n - merges all the code from the mobile ports into the same codebase with\n common numbering and releases,\n - supports 360 video and 3D audio, and prepares for VR content,\n - supports direct HDR and HDR tone-mapping,\n - updates the audio passthrough for HD Audio codecs,\n - allows browsing of local network drives like SMB, FTP, SFTP, NFS...\n - stores the passwords securely,\n - brings a new subtitle rendering engine, supporting ComplexTextLayout\n and font fallback to support multiple languages and fonts,\n - supports ChromeCast with the new renderer framework,\n - adds support for numerous new formats and codecs, including WebVTT,\n AV1, TTML, HQX, 708, Cineform, and many more,\n - improves Bluray support with Java menus, aka BD-J,\n - updates the macOS interface with major cleaning and improvements,\n - support HiDPI UI on Windows, with the switch to Qt5,\n - prepares the experimental support for Wayland on Linux, and\n switches to OpenGL by default on Linux.\n+ Security fixes included:\n * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)\n * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)\n * Fix a read buffer overflow in the FAAD decoder\n * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)\n * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)\n * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)\n * Fix a use after free in the ASF demuxer (CVE-2019-14533)\n * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)\n * Fix a null dereference in the dvdnav demuxer\n * Fix a null dereference in the ASF demuxer (CVE-2019-14534)\n * Fix a null dereference in the AVI demuxer\n * Fix a division by zero in the CAF demuxer (CVE-2019-14498)\n * Fix a division by zero in the ASF demuxer (CVE-2019-14535)\n- Disbale mod-plug for the time being: libmodplug 0.8.9 is not yet available.\n\n- Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around some\n image loading libraries (libpng, libjpeg, ...) which are either wrapped\n by vlc itself (libpng_plugin.so) or via libavcodec (libavcodec_plugin.so).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-545",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0545-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0545-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SFHFURFW5IFIHSRDD3YMUC6GB232FD3U/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0545-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SFHFURFW5IFIHSRDD3YMUC6GB232FD3U/"
},
{
"category": "self",
"summary": "SUSE Bug 1142161",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "self",
"summary": "SUSE Bug 1146428",
"url": "https://bugzilla.suse.com/1146428"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13602 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13962 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14437 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14438 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14498 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14533 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14534 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14534/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14535 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14535/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14776 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14777 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14778 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14970 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14970/"
}
],
"title": "Security update for vlc",
"tracking": {
"current_release_date": "2020-04-23T08:12:41Z",
"generator": {
"date": "2020-04-23T08:12:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0545-1",
"initial_release_date": "2020-04-23T08:12:41Z",
"revision_history": [
{
"date": "2020-04-23T08:12:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"product": {
"name": "vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"product_id": "vlc-lang-3.0.9.2-lp151.6.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "libvlc5-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "libvlccore9-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-devel-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-jack-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-noX-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-qt-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.9.2-lp151.6.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch"
},
"product_reference": "vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13602"
}
],
"notes": [
{
"category": "general",
"text": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13602",
"url": "https://www.suse.com/security/cve/CVE-2019-13602"
},
{
"category": "external",
"summary": "SUSE Bug 1141522 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1141522"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "important"
}
],
"title": "CVE-2019-13602"
},
{
"cve": "CVE-2019-13962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13962"
}
],
"notes": [
{
"category": "general",
"text": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13962",
"url": "https://www.suse.com/security/cve/CVE-2019-13962"
},
{
"category": "external",
"summary": "SUSE Bug 1142161 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "critical"
}
],
"title": "CVE-2019-13962"
},
{
"cve": "CVE-2019-14437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14437"
}
],
"notes": [
{
"category": "general",
"text": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14437",
"url": "https://www.suse.com/security/cve/CVE-2019-14437"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14437",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14437"
},
{
"cve": "CVE-2019-14438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14438"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14438",
"url": "https://www.suse.com/security/cve/CVE-2019-14438"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14438",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14438"
},
{
"cve": "CVE-2019-14498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14498"
}
],
"notes": [
{
"category": "general",
"text": "A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14498",
"url": "https://www.suse.com/security/cve/CVE-2019-14498"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14498",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14498"
},
{
"cve": "CVE-2019-14533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14533"
}
],
"notes": [
{
"category": "general",
"text": "The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14533",
"url": "https://www.suse.com/security/cve/CVE-2019-14533"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14533",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14533"
},
{
"cve": "CVE-2019-14534",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14534"
}
],
"notes": [
{
"category": "general",
"text": "In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14534",
"url": "https://www.suse.com/security/cve/CVE-2019-14534"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14534",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14534"
},
{
"cve": "CVE-2019-14535",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14535"
}
],
"notes": [
{
"category": "general",
"text": "A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14535",
"url": "https://www.suse.com/security/cve/CVE-2019-14535"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14535",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14535"
},
{
"cve": "CVE-2019-14776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14776"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14776",
"url": "https://www.suse.com/security/cve/CVE-2019-14776"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14776",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14776"
},
{
"cve": "CVE-2019-14777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14777"
}
],
"notes": [
{
"category": "general",
"text": "The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14777",
"url": "https://www.suse.com/security/cve/CVE-2019-14777"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14777",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14777"
},
{
"cve": "CVE-2019-14778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14778"
}
],
"notes": [
{
"category": "general",
"text": "The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14778",
"url": "https://www.suse.com/security/cve/CVE-2019-14778"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14778",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14778"
},
{
"cve": "CVE-2019-14970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14970"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14970",
"url": "https://www.suse.com/security/cve/CVE-2019-14970"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14970",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14970"
}
]
}
CNVD-2019-31070
Vulnerability from cnvd - Published: 2019-09-11
VLAI Severity ?
Title
VideoLAN VLC media player资源管理错误漏洞(CNVD-2019-31070)
Description
VideoLAN VLC media player是法国VideoLAN组织的一款免费、开源的跨平台多媒体播放器(也是一个多媒体框架)。该产品支持播放多种介质(文件、光盘等)、多种音视频格式(WMV,MP3等)等。
VideoLAN VLC media player 3.0.7.1版本中的modules/demux/xiph.h文件的‘xiph_SplitHeaders’函数存在资源管理错误漏洞。目前没有详细漏洞细节提供。
Severity
中
Patch Name
VideoLAN VLC media player资源管理错误漏洞(CNVD-2019-31070)的补丁
Patch Description
VideoLAN VLC media player是法国VideoLAN组织的一款免费、开源的跨平台多媒体播放器(也是一个多媒体框架)。该产品支持播放多种介质(文件、光盘等)、多种音视频格式(WMV,MP3等)等。
VideoLAN VLC media player 3.0.7.1版本中的modules/demux/xiph.h文件的‘xiph_SplitHeaders’函数存在资源管理错误漏洞。目前没有详细漏洞细节提供。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.videolan.org/security/sb-vlc308.html
Reference
https://www.debian.org/security/2019/dsa-4504
Impacted products
| Name | VideoLAN VLC media player 3.0.7.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-14437"
}
},
"description": "VideoLAN VLC media player\u662f\u6cd5\u56fdVideoLAN\u7ec4\u7ec7\u7684\u4e00\u6b3e\u514d\u8d39\u3001\u5f00\u6e90\u7684\u8de8\u5e73\u53f0\u591a\u5a92\u4f53\u64ad\u653e\u5668\uff08\u4e5f\u662f\u4e00\u4e2a\u591a\u5a92\u4f53\u6846\u67b6\uff09\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u64ad\u653e\u591a\u79cd\u4ecb\u8d28\uff08\u6587\u4ef6\u3001\u5149\u76d8\u7b49\uff09\u3001\u591a\u79cd\u97f3\u89c6\u9891\u683c\u5f0f\uff08WMV,MP3\u7b49\uff09\u7b49\u3002\n\nVideoLAN VLC media player 3.0.7.1\u7248\u672c\u4e2d\u7684modules/demux/xiph.h\u6587\u4ef6\u7684\u2018xiph_SplitHeaders\u2019\u51fd\u6570\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"discovererName": "Antonio Morales",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.videolan.org/security/sb-vlc308.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-31070",
"openTime": "2019-09-11",
"patchDescription": "VideoLAN VLC media player\u662f\u6cd5\u56fdVideoLAN\u7ec4\u7ec7\u7684\u4e00\u6b3e\u514d\u8d39\u3001\u5f00\u6e90\u7684\u8de8\u5e73\u53f0\u591a\u5a92\u4f53\u64ad\u653e\u5668\uff08\u4e5f\u662f\u4e00\u4e2a\u591a\u5a92\u4f53\u6846\u67b6\uff09\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u64ad\u653e\u591a\u79cd\u4ecb\u8d28\uff08\u6587\u4ef6\u3001\u5149\u76d8\u7b49\uff09\u3001\u591a\u79cd\u97f3\u89c6\u9891\u683c\u5f0f\uff08WMV,MP3\u7b49\uff09\u7b49\u3002\r\n\r\nVideoLAN VLC media player 3.0.7.1\u7248\u672c\u4e2d\u7684modules/demux/xiph.h\u6587\u4ef6\u7684\u2018xiph_SplitHeaders\u2019\u51fd\u6570\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "VideoLAN VLC media player\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-31070\uff09\u7684\u8865\u4e01",
"products": {
"product": "VideoLAN VLC media player 3.0.7.1"
},
"referenceLink": "https://www.debian.org/security/2019/dsa-4504",
"serverity": "\u4e2d",
"submitTime": "2019-08-21",
"title": "VideoLAN VLC media player\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-31070\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…