{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for vlc","title":"Title of the patch"},{"category":"description","text":"This update for vlc to version 3.0.7.1 fixes the following issues:\n\nSecurity issues fixed:\n\t  \n- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).\n- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).\n- CVE-2019-5460: Fixed a double free (bsc#1143547).\n- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).\n- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).\n- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).\n\nNon-security issues fixed:\n\n- Video Output:\n  * Fix hardware acceleration with some AMD drivers\n  * Improve direct3d11 HDR support\n- Access:\n  * Improve Blu-ray support\n- Audio output:\n  * Fix pass-through on Android-23\n  * Fix DirectSound drain\n- Demux: Improve MP4 support\n- Video Output:\n  * Fix 12 bits sources playback with Direct3D11\n  * Fix crash on iOS\n  * Fix midstream aspect-ratio changes when Windows hardware decoding is on\n  * Fix HLG display with Direct3D11\n- Stream Output: Improve Chromecast support with new ChromeCast apps\n- Misc:\n  * Update Youtube, Dailymotion, Vimeo, Soundcloud scripts\n  * Work around busy looping when playing an invalid item with loop enabled\n- Updated translations.\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2019-1840","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1840-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2019:1840-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PABXAYOSN5GAIPFDYI7SHBOU4CHBWYC/#5PABXAYOSN5GAIPFDYI7SHBOU4CHBWYC"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2019:1840-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PABXAYOSN5GAIPFDYI7SHBOU4CHBWYC/#5PABXAYOSN5GAIPFDYI7SHBOU4CHBWYC"},{"category":"self","summary":"SUSE Bug 1118586","url":"https://bugzilla.suse.com/1118586"},{"category":"self","summary":"SUSE Bug 1138354","url":"https://bugzilla.suse.com/1138354"},{"category":"self","summary":"SUSE Bug 1138933","url":"https://bugzilla.suse.com/1138933"},{"category":"self","summary":"SUSE Bug 1141522","url":"https://bugzilla.suse.com/1141522"},{"category":"self","summary":"SUSE Bug 1142161","url":"https://bugzilla.suse.com/1142161"},{"category":"self","summary":"SUSE Bug 1143547","url":"https://bugzilla.suse.com/1143547"},{"category":"self","summary":"SUSE Bug 1143549","url":"https://bugzilla.suse.com/1143549"},{"category":"self","summary":"SUSE CVE CVE-2018-19857 page","url":"https://www.suse.com/security/cve/CVE-2018-19857/"},{"category":"self","summary":"SUSE CVE CVE-2019-12874 page","url":"https://www.suse.com/security/cve/CVE-2019-12874/"},{"category":"self","summary":"SUSE CVE CVE-2019-13602 page","url":"https://www.suse.com/security/cve/CVE-2019-13602/"},{"category":"self","summary":"SUSE CVE CVE-2019-13962 page","url":"https://www.suse.com/security/cve/CVE-2019-13962/"},{"category":"self","summary":"SUSE CVE CVE-2019-5439 page","url":"https://www.suse.com/security/cve/CVE-2019-5439/"},{"category":"self","summary":"SUSE CVE CVE-2019-5459 page","url":"https://www.suse.com/security/cve/CVE-2019-5459/"},{"category":"self","summary":"SUSE CVE CVE-2019-5460 page","url":"https://www.suse.com/security/cve/CVE-2019-5460/"}],"title":"Security update for vlc","tracking":{"current_release_date":"2019-08-08T15:58:05Z","generator":{"date":"2019-08-08T15:58:05Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2019:1840-1","initial_release_date":"2019-08-08T15:58:05Z","revision_history":[{"date":"2019-08-08T15:58:05Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"vlc-lang-3.0.7.1-lp151.6.3.1.noarch","product":{"name":"vlc-lang-3.0.7.1-lp151.6.3.1.noarch","product_id":"vlc-lang-3.0.7.1-lp151.6.3.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"libvlc5-3.0.7.1-lp151.6.3.1.x86_64","product":{"name":"libvlc5-3.0.7.1-lp151.6.3.1.x86_64","product_id":"libvlc5-3.0.7.1-lp151.6.3.1.x86_64"}},{"category":"product_version","name":"libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","product":{"name":"libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","product_id":"libvlccore9-3.0.7.1-lp151.6.3.1.x86_64"}},{"category":"product_version","name":"vlc-3.0.7.1-lp151.6.3.1.x86_64","product":{"name":"vlc-3.0.7.1-lp151.6.3.1.x86_64","product_id":"vlc-3.0.7.1-lp151.6.3.1.x86_64"}},{"category":"product_version","name":"vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","product":{"name":"vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","product_id":"vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64"}},{"category":"product_version","name":"vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","product":{"name":"vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","product_id":"vlc-devel-3.0.7.1-lp151.6.3.1.x86_64"}},{"category":"product_version","name":"vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","product":{"name":"vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","product_id":"vlc-jack-3.0.7.1-lp151.6.3.1.x86_64"}},{"category":"product_version","name":"vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","product":{"name":"vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","product_id":"vlc-noX-3.0.7.1-lp151.6.3.1.x86_64"}},{"category":"product_version","name":"vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","product":{"name":"vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","product_id":"vlc-qt-3.0.7.1-lp151.6.3.1.x86_64"}},{"category":"product_version","name":"vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64","product":{"name":"vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64","product_id":"vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.1","product":{"name":"openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"libvlc5-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64"},"product_reference":"libvlc5-3.0.7.1-lp151.6.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"libvlccore9-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64"},"product_reference":"libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"vlc-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64"},"product_reference":"vlc-3.0.7.1-lp151.6.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64"},"product_reference":"vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"vlc-devel-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64"},"product_reference":"vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"vlc-jack-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64"},"product_reference":"vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"vlc-lang-3.0.7.1-lp151.6.3.1.noarch as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch"},"product_reference":"vlc-lang-3.0.7.1-lp151.6.3.1.noarch","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"vlc-noX-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64"},"product_reference":"vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"vlc-qt-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64"},"product_reference":"vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"},"product_reference":"vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"}]},"vulnerabilities":[{"cve":"CVE-2018-19857","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-19857"}],"notes":[{"category":"general","text":"The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-19857","url":"https://www.suse.com/security/cve/CVE-2018-19857"},{"category":"external","summary":"SUSE Bug 1118586 for CVE-2018-19857","url":"https://bugzilla.suse.com/1118586"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":9.1,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","version":"3.0"},"products":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-08-08T15:58:05Z","details":"moderate"}],"title":"CVE-2018-19857"},{"cve":"CVE-2019-12874","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-12874"}],"notes":[{"category":"general","text":"An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-12874","url":"https://www.suse.com/security/cve/CVE-2019-12874"},{"category":"external","summary":"SUSE Bug 1138933 for CVE-2019-12874","url":"https://bugzilla.suse.com/1138933"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":9.8,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-08-08T15:58:05Z","details":"important"}],"title":"CVE-2019-12874"},{"cve":"CVE-2019-13602","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-13602"}],"notes":[{"category":"general","text":"An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-13602","url":"https://www.suse.com/security/cve/CVE-2019-13602"},{"category":"external","summary":"SUSE Bug 1141522 for CVE-2019-13602","url":"https://bugzilla.suse.com/1141522"},{"category":"external","summary":"SUSE Bug 1146428 for CVE-2019-13602","url":"https://bugzilla.suse.com/1146428"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-08-08T15:58:05Z","details":"important"}],"title":"CVE-2019-13602"},{"cve":"CVE-2019-13962","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-13962"}],"notes":[{"category":"general","text":"lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-13962","url":"https://www.suse.com/security/cve/CVE-2019-13962"},{"category":"external","summary":"SUSE Bug 1142161 for CVE-2019-13962","url":"https://bugzilla.suse.com/1142161"},{"category":"external","summary":"SUSE Bug 1146428 for CVE-2019-13962","url":"https://bugzilla.suse.com/1146428"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":9.8,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-08-08T15:58:05Z","details":"critical"}],"title":"CVE-2019-13962"},{"cve":"CVE-2019-5439","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5439"}],"notes":[{"category":"general","text":"A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5439","url":"https://www.suse.com/security/cve/CVE-2019-5439"},{"category":"external","summary":"SUSE Bug 1138354 for CVE-2019-5439","url":"https://bugzilla.suse.com/1138354"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-08-08T15:58:05Z","details":"moderate"}],"title":"CVE-2019-5439"},{"cve":"CVE-2019-5459","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5459"}],"notes":[{"category":"general","text":"An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5459","url":"https://www.suse.com/security/cve/CVE-2019-5459"},{"category":"external","summary":"SUSE Bug 1143549 for CVE-2019-5459","url":"https://bugzilla.suse.com/1143549"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-08-08T15:58:05Z","details":"moderate"}],"title":"CVE-2019-5459"},{"cve":"CVE-2019-5460","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5460"}],"notes":[{"category":"general","text":"Double Free in VLC versions <= 3.0.6 leads to a crash.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5460","url":"https://www.suse.com/security/cve/CVE-2019-5460"},{"category":"external","summary":"SUSE Bug 1143547 for CVE-2019-5460","url":"https://bugzilla.suse.com/1143547"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch","openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64","openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-08-08T15:58:05Z","details":"moderate"}],"title":"CVE-2019-5460"}]}