Multiple vulnerabilities in VLC Media Player
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2020-9308 CVE-2019-19221 CVE-2020-13428 |
| CWE-ID | CWE-119 CWE-125 CWE-122 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
VLC Media Player Client/Desktop applications / Multimedia software |
| Vendor | VideoLAN |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU25750
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-9308
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing RAR5 files in archive_read_support_format_rar5.c in libarchive. A remote attacker can create a specially crafted RAR5 file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall latest version from vendor's website.
VLC Media Player: 2.0.0 - 3.0.10
External linkshttp://github.com/videolan/vlc-3.0/releases/tag/3.0.11
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU22931
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19221
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in "archive_wstring_append_from_mbs" in "archive_string.c" because of an incorrect "mbrtowc" or "mbtowc" call. A remote attacker can create a specially crafted archive file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall latest version from vendor's website.
VLC Media Player: 2.0.0 - 3.0.10
External linkshttp://github.com/videolan/vlc-3.0/releases/tag/3.0.11
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU29119
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-13428
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the hxxx_AnnexB_to_xVC() function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player when processing H.264 Annex-B video files. A remote attacker can create a specially crafted .avi file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationVLC Media Player: 2.0.0 - 3.0.10
External linkshttp://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
http://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c
http://github.com/videolan/vlc-3.0/releases/tag/3.0.11
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
