CVE-2019-12874 log

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
VideoLAN VLC media player 3.0.6 and earlier has a double-free in the zlib_decompress_extra function of the Matroska demuxer in modules/demux/mkv/util.cpp.
Group Package Affected Fixed Severity Status Ticket
AVG-998 vlc 3.0.6-13 3.0.7.1-1 Critical Fixed
Date Advisory Group Package Severity Description
25 Jun 2019 ASA-201906-22 AVG-998 vlc Critical arbitrary code execution
References
https://www.videolan.org/security/sa1901.html
https://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102