CVE-2020-13428

Published
CVSS v3: 7.8 (HIGH)
CVSS v2: 6.8 (MEDIUM)
Affected: 2 projects

Description

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.

VLC media player - plays everything, runs anywhere. Code here: https://code.videolan.org/videolan/vlc
GitHub
18.6K
VLC media player - 3.0 branch - All pull requests are ignored, please follow https://wiki.videolan.org/Sending_Patches_VLC/
GitHub
121