CVE-2018-19857

The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
Configurations

Configuration 1 (hide)

cpe:2.3:a:videolan:vlc_media_player:3.0.4:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

07 Nov 2023, 02:55

Type Values Removed Values Added
References
  • {'url': 'https://git.videolan.org/?p=vlc.git;a=commit;h=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0', 'name': 'https://git.videolan.org/?p=vlc.git;a=commit;h=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0', 'tags': ['Patch', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0 -

Information

Published : 2018-12-05 11:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-19857

Mitre link : CVE-2018-19857

CVE.ORG link : CVE-2018-19857


JSON object : View

Products Affected

debian

  • debian_linux

videolan

  • vlc_media_player
CWE
CWE-824

Access of Uninitialized Pointer