Source: vlc
Version: 3.0.4-3
Severity: important
Tags: patch security upstream

Hi,

The following vulnerability was published for vlc.

CVE-2018-19857[0]:
| The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player
| 3.0.4 may read memory from an uninitialized pointer when processing
| magic cookies in CAF files, because a ReadKukiChunk() cast converts a
| return value to an unsigned int even if that value is negative. This
| could result in a denial of service and/or a potential infoleak.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-19857
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19857
[1] https://dyntopia.com/advisories/013-vlc
[2] https://git.videolan.org/?p=vlc.git;a=commit;h=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
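
The bug class named in the CVE text, a negative read result cast to unsigned int before a length comparison, shown next to a signed check. This is an added example, not part of the original report and not VLC's code; demo_peek, accepts_flawed, accepts_fixed and demo_cookie are hypothetical names and the data is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed sample data standing in for a CAF magic cookie. */
static const uint8_t demo_cookie[16] = { 0 };

/* Hypothetical peek API: returns the number of bytes available (up to want)
 * and sets *out, or returns -1 on error and leaves *out untouched. */
static ssize_t demo_peek(const uint8_t *src, size_t len,
                         const uint8_t **out, size_t want)
{
    if (src == NULL)
        return -1;
    *out = src;
    return (ssize_t)(len < want ? len : want);
}

/* Flawed check: -1 cast to unsigned int becomes UINT_MAX, so the short-read
 * test does not fire. Returns 1 if the caller would go on to use *out. */
static int accepts_flawed(const uint8_t *src, size_t len, uint64_t size)
{
    const uint8_t *peek = NULL; /* an uninitialized pointer in the reported bug */
    if ((unsigned int)demo_peek(src, len, &peek, (size_t)size) < size)
        return 0;
    return 1;
}

/* Signed check: keep the ssize_t result and reject errors before comparing. */
static int accepts_fixed(const uint8_t *src, size_t len, uint64_t size)
{
    const uint8_t *peek = NULL;
    ssize_t got = demo_peek(src, len, &peek, (size_t)size);
    if (got < 0 || (uint64_t)got < size)
        return 0;
    return 1;
}

int main(void)
{
    printf("ok read:    flawed=%d fixed=%d\n",
           accepts_flawed(demo_cookie, 16, 16), accepts_fixed(demo_cookie, 16, 16));
    printf("short read: flawed=%d fixed=%d\n",
           accepts_flawed(demo_cookie, 8, 16), accepts_fixed(demo_cookie, 8, 16));
    printf("peek error: flawed=%d fixed=%d\n",
           accepts_flawed(NULL, 0, 16), accepts_fixed(NULL, 0, 16));
    return 0;
}
```

Neither function dereferences the pointer, so the demonstration stays well defined; the return value only records whether the caller would proceed to use it.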