http://bugzilla.opensuse.org/show_bug.cgi?id=1141832 Bug ID: 1141832 Summary: VUL-1: CVE-2019-13615: vlc: VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv:demux_sys_t:FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv:Open in modules/demux/mkv/mkv.cpp. Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other URL: https://smash.suse.de/issue/237331/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: dimstar@opensuse.org Reporter: wolfgang.frisch@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2019-13615 VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13615 http://www.cvedetails.com/cve/CVE-2019-13615/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13615 https://trac.videolan.org/vlc/ticket/22474 -- You are receiving this mail because: You are on the CC list for the bug.