UbuntuUpdates.org

Package "vlc"

Name: vlc

Description: multimedia player and streamer

Latest version: 3.0.8-0ubuntu19.04.1
Release: disco (19.04)
Level: security
Repository: universe
Homepage: https://www.videolan.org/vlc/

Links

Save this URL for the latest version of "vlc": https://www.ubuntuupdates.org/vlc



Other versions of "vlc" in Disco

Repository  Area      Version
base        universe  3.0.6-1
updates     universe  3.0.8-0ubuntu19.04.1


Changelog

Version: 3.0.8-0ubuntu19.04.1 2019-09-12 14:06:22 UTC

  vlc (3.0.8-0ubuntu19.04.1) disco-security; urgency=medium

  * Updated to 3.0.8 to fix multiple security issues.
    - debian/patches/*: sync patches with 3.0.8-2.
    - CVE-2019-13962, CVE-2019-14437, CVE-2019-14438, CVE-2019-14498,
      CVE-2019-14533, CVE-2019-14534, CVE-2019-14535, CVE-2019-14776,
      CVE-2019-14777, CVE-2019-14778, CVE-2019-14970

 -- Marc Deslauriers <email address hidden> Wed, 11 Sep 2019 07:37:05 -0400

CVE-2019-13962 lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not pr
CVE-2019-14437 The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap
CVE-2019-14438 A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a
CVE-2019-14498 A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a
CVE-2019-14533 The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
CVE-2019-14534 In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial o
CVE-2019-14535 A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered
CVE-2019-14776 A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
CVE-2019-14777 The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
CVE-2019-14778 The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
CVE-2019-14970 A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a cra

Version: 3.0.7.1-0ubuntu19.04.1 2019-07-25 15:07:37 UTC

  vlc (3.0.7.1-0ubuntu19.04.1) disco-security; urgency=medium

  * Updated to 3.0.7.1 to fix multiple security issues.
    - debian/patches/*: sync patches with 3.0.7.1-3.
    - CVE-2019-5439
    - CVE-2019-12874
    - CVE-2019-13602

 -- Marc Deslauriers <email address hidden> Wed, 24 Jul 2019 10:40:43 -0400

CVE-2019-5439 A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
CVE-2019-12874 An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer,
CVE-2019-13602 An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause


