SUSE Package Hub - openSUSE-2021-122

Update Info

openSUSE-2021-122

Security update for vlc

Type: security

Severity: important

Issued: 2021-01-20

Description:

This update for vlc fixes the following issues:

Update to 3.0.11.1:
    
- CVE-2020-13428: Fixed heap-based buffer overflow in the hxxx_AnnexB_to_xVC () (boo#1172727)
- CVE-2020-26664: Fixed heap-based buffer overflow in EbmlTypeDispatcher:send () (boo#1180755)

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

CVE: CVE-2020-26664
CVE: CVE-2020-13428
Bugzilla: 1180755 VUL-0: CVE-2020-26664: vlc: A vulnerability in EbmlTypeDispatcher:send allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
Bugzilla: 1172727 VUL-0: CVE-2020-13428: vlc: heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player
Bugzilla: 1133290 LTO: vlc build fails

Packages

vlc-3.0.11.1-bp152.2.9.1