Debian update for vlc

Published: 2019-01-13 12:27:56
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-19857
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: vlc (Debian package)
Vulnerable software versions:
vlc (Debian package) 3.0.5-1
vlc (Debian package) 3.0.5-2
vlc (Debian package) 3.0.4-4

Vendor URL: Debian

Security Advisory

1) Improper input validation


The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to improper handling of magic cookies in Core Audio Format (CAF) files, which could result in an uninitialized memory read in the CAF demuxer. A remote attacker can trick the victim into accessing a CAF file containing malicious input, trigger a typecast in the ReadKukiChunk() function that converts a possibly negative return value to an unsigned integer, and cause the service to crash.
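
The bug class described above, shown as an added example that is not VLC's code: a negative error return cast to an unsigned type passes a size check, next to the corrected check. The helper `peek()`, the functions `accepts_flawed()` and `accepts_checked()`, and the `SAMPLE` buffer are hypothetical names constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>              /* ssize_t */

/* Constructed sample data standing in for a chunk payload. */
static const uint8_t SAMPLE[32] = {0};

/* Hypothetical stream peek: on success points *out at the data and returns
 * the bytes available (at most want); on error returns -1, *out untouched. */
static ssize_t peek(const uint8_t *src, size_t len,
                    const uint8_t **out, size_t want)
{
    if (src == NULL)
        return -1;
    *out = src;
    return (ssize_t)(len < want ? len : want);
}

/* Flawed check: -1 cast to unsigned becomes UINT_MAX, which is never
 * "< want", so a failed peek is accepted. NULL models the unset pointer. */
static int accepts_flawed(const uint8_t *src, size_t len, size_t want)
{
    const uint8_t *p = NULL;
    if ((unsigned int)peek(src, len, &p, want) < want)
        return 0;
    return 1;                       /* caller would now read via p */
}

/* Hardened check: reject a negative result before any unsigned comparison. */
static int accepts_checked(const uint8_t *src, size_t len, size_t want)
{
    const uint8_t *p = NULL;
    ssize_t n = peek(src, len, &p, want);
    if (n < 0 || (size_t)n < want)
        return 0;
    return p != NULL;
}

int main(void)
{
    printf("failed peek: flawed=%d checked=%d\n",
           accepts_flawed(NULL, 0, 32), accepts_checked(NULL, 0, 32));
    printf("full peek:   flawed=%d checked=%d\n",
           accepts_flawed(SAMPLE, 32, 32), accepts_checked(SAMPLE, 32, 32));
    return 0;
}
```
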


Update the affected package to version: 3.0.6-0+deb9u1