Univention Bugzilla – Bug 52065
(ES 4.3) vlc
Last modified: 2020-11-30 18:18:26 CET
Provide vlc version 3.0.11-0+deb9u1 for UCS 4.3 First imported at bug #51544 This update addresses the following issue: * A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. (CVE-2020-13428)
OK - 3.0.11-0+deb9u1
CLOSED: Released as extsec4.3 update