Description
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
References (5)
Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/502816
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
Scores
CVSS v3
7.1
EPSS
0.0118
EPSS Percentile
79.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Details
CWE
CWE-191
Status
published
Products (5)
opensuse/backports
sle-15
opensuse/backports_sle
15.0 sp1
opensuse/leap
15.0
opensuse/leap
15.1
videolan/vlc_media_player
< 3.0.7
Published
Jul 30, 2019
Tracked Since
Feb 18, 2026