Source: vlc
Version: 3.0.4-3
Severity: important
Tags: patch security upstream


The following vulnerability was published for vlc.

| The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player
| 3.0.4 may read memory from an uninitialized pointer when processing
| magic cookies in CAF files, because a ReadKukiChunk() cast converts a
| return value to an unsigned int even if that value is negative. This
| could result in a denial of service and/or a potential infoleak.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed.


Reply via email to