Vulnerability CVE-2019-13615


Published: 2019-07-16

Description:
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Videolan
Product: Vlc media player 
Version:
3.0.7.1
3.0.2
3.0.1
3.0.0
2.2.8
2.2.7
2.2.6
2.2.5.1
2.2.5
2.2.4
2.2.3
2.2.2
2.2.1
2.2.0
2.1.6
2.1.5
2.1.3
2.1.2
2.1.1
2.1.0
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
1.1.9
1.1.8
1.1.7
1.1.6.1
1.1.6
1.1.5
1.1.4.1
1.1.4
1.1.3
1.1.2
1.1.13
1.1.12
1.1.11
1.1.10.1
1.1.10
1.1.1
1.1.0
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
0.9.9a
0.9.9
0.9.8a
0.9.6
0.9.5
0.9.4
0.9.3
0.9.2
0.9.10
0.9.1
0.9.0
0.8.6i
0.8.6h
0.8.6g
0.8.6f
0.8.6e
0.8.6d
0.8.6c
0.8.6b
0.8.6a
0.8.6
0.8.5
0.8.4a
0.8.4
0.8.2
0.8.1337
0.8.1
0.8.0
0.7.2
0.7.1
0.7.0
0.6.2
0.6.1
0.6.0
0.5.3
0.5.2
0.5.1a
0.5.1
0.5.0
0.4.6
0.4.5
0.4.4
0.4.3-ac3
0.4.3
0.4.2
0.4.1
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.securityfocus.com/bid/109304
https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0
https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6
https://github.com/Matroska-Org/libebml/compare/release-1.3.5...release-1.3.6
https://trac.videolan.org/vlc/ticket/22474
https://usn.ubuntu.com/4073-1/

Related CVE
CVE-2019-5460
Double Free in VLC versions <= 3.0.6 leads to a crash.
CVE-2019-5459
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
CVE-2019-13962
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
CVE-2019-13602
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact...
CVE-2019-12874
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
CVE-2019-5439
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
CVE-2018-19857
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that...
CVE-2018-11529
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

Copyright 2019, cxsecurity.com

 

Back to Top