CVE-2019-13615

Published: Jul 16, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.

Affected (1)

Products: Videolan: Vlc Media Player

Videolan

1 product

Vlc Media Player

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Videolan Vlc Media Player	Before 3.0.3

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (12)

http://www.securityfocus.com/bid/109304

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0

Source: cve@mitre.org

https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6

Source: cve@mitre.org

https://github.com/Matroska-Org/libebml/compare/release-1.3.5...release-1.3.6

Source: cve@mitre.org

https://trac.videolan.org/vlc/ticket/22474

Source: cve@mitre.org

ExploitIssue TrackingVendor Advisory

https://usn.ubuntu.com/4073-1/

Source: cve@mitre.org

http://www.securityfocus.com/bid/109304