AVG-998 log

Package	vlc
Status	Fixed
Severity	Critical
Type	arbitrary code execution
Affected	3.0.6-13
Fixed	3.0.7.1-1
Current	3.0.21-9 [extra]
Ticket	None
Created	Tue Jun 25 12:46:28 2019

Issue	Severity	Remote	Type	Description
CVE-2019-12874	Critical	Yes	Arbitrary code execution	VideoLAN VLC media player 3.0.6 and earlier has a double-free in the zlib_decompress_extra function of the Matroska demuxer in modules/demux/mkv/util.cpp.
CVE-2019-5439	Critical	Yes	Arbitrary code execution	VideoLAN VLC media player 3.0.6 and earlier has a out-of-bounds write has been found in the ReadFrame function of the AVI decoder.

Issue

Severity

Remote

Type

Description

CVE-2019-12874

Critical

Yes

Arbitrary code execution

VideoLAN VLC media player 3.0.6 and earlier has a double-free in the zlib_decompress_extra function of the Matroska demuxer in modules/demux/mkv/util.cpp.

CVE-2019-5439

Critical

Yes

Arbitrary code execution

VideoLAN VLC media player 3.0.6 and earlier has a out-of-bounds write has been found in the ReadFrame function of the AVI decoder.

Date	Advisory	Package	Type
25 Jun 2019	ASA-201906-22	vlc	arbitrary code execution

References
https://www.videolan.org/security/sa1901.html