CVE-2019-19721

An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.

Published: May 15, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-19721
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-787
CWE-193

Affected Software
References

Software	From	Fixed in
videolan / vlc_media_player	-	3.0.9

http://hg.libsdl.org/SDL_image/
https://bugs.gentoo.org/721940
https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b
https://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=72afe7ebd8305bf4f5360293b8621cde52ec506b
https://www.videolan.org/security/

Vulnerability Database

289,697

CVE-2019-19721