AVG-998

Package vlc
Status Fixed
Severity Critical
Type arbitrary code execution
Affected 3.0.6-13
Fixed 3.0.7.1-1
Current 3.0.8-1 [extra]
Ticket None
Created Tue Jun 25 12:46:28 2019
Issue Severity Remote Type Description
CVE-2019-12874 Critical Yes Arbitrary code execution
VideoLAN VLC media player 3.0.6 and earlier has a double-free in the zlib_decompress_extra function of the Matroska demuxer in modules/demux/mkv/util.cpp.
CVE-2019-5439 Critical Yes Arbitrary code execution
VideoLAN VLC media player 3.0.6 and earlier has a out-of-bounds write has been found in the ReadFrame function of the AVI decoder.
Date Advisory Package Description
25 Jun 2019 ASA-201906-22 vlc arbitrary code execution
References
https://www.videolan.org/security/sa1901.html