QwikSec

Security Database

CVE

CWE

Training

CVE-2018-19857

Published: Dec 5, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0

x_refsource_MISC

https://dyntopia.com/advisories/013-vlc

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2019:1840

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:1909

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:1897

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2015

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.