Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-19857

The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.

Related bugs and status

CVE-2018-19857 (Candidate) is related to these bugs:

Bug #1812480: [SRU] Update to bugfix release 3.0.8 in Bionic

Summary				In	Importance	Status
	1812480	[SRU] Update to bugfix release 3.0.8 in Bionic		vlc (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://dyntopia.com/a...
MISC: https://git.videolan.o...
BID: 106130
DEBIAN: DSA-4366
UBUNTU: USN-4074-1
SUSE: openSUSE-SU-2019:1840
SUSE: openSUSE-SU-2019:1897
SUSE: openSUSE-SU-2019:1909
SUSE: openSUSE-SU-2019:2015