Bug 1180755 - (CVE-2020-26664) VUL-0: CVE-2020-26664: vlc: A vulnerability in EbmlTypeDispatcher:send allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.1
Hardware: Other Other
Importance: P3 - Medium : Minor
Assigned To: Dominique Leuenberger
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/274947/
Reported: 2021-01-11 08:22 UTC by Robert Frohl
Modified: 2021-02-02 10:45 UTC (History)
Found By: Security Response Team
Description Robert Frohl 2021-01-11 08:22:55 UTC
CVE-2020-26664

A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11
allows attackers to trigger a heap-based buffer overflow via a crafted .mkv
file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26664
http://videolan.com
http://vlc.com
https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt
Comment 1 Robert Frohl 2021-01-11 08:25:22 UTC
also relevant for Leap 15.1 and 15.2
Comment 2 OBSbugzilla Bot 2021-01-14 17:10:22 UTC
This is an autogenerated message for OBS integration:
This bug (1180755) was mentioned in
https://build.opensuse.org/request/show/863152 Factory / vlc
https://build.opensuse.org/request/show/863153 15.1 / vlc
https://build.opensuse.org/request/show/863154 15.2 / vlc
Comment 3 Swamp Workflow Management 2021-01-16 14:29:46 UTC
openSUSE-SU-2021:0076-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1133290,1172727,1180755
CVE References: CVE-2020-13428,CVE-2020-26664
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    vlc-3.0.11.1-lp151.6.12.1
Comment 4 Swamp Workflow Management 2021-01-16 23:16:54 UTC
openSUSE-SU-2021:0091-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1133290,1172727,1180755
CVE References: CVE-2020-13428,CVE-2020-26664
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    vlc-3.0.11.1-lp152.2.9.1
Comment 5 Swamp Workflow Management 2021-01-19 23:16:59 UTC
openSUSE-SU-2021:0121-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1133290,1172727,1180755
CVE References: CVE-2020-13428,CVE-2020-26664
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP1 (src):    vlc-3.0.11.1-bp151.5.12.1
Comment 6 Swamp Workflow Management 2021-01-20 05:16:47 UTC
openSUSE-SU-2021:0122-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1133290,1172727,1180755
CVE References: CVE-2020-13428,CVE-2020-26664
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    vlc-3.0.11.1-bp152.2.9.1
Comment 7 Dominique Leuenberger 2021-02-02 10:45:48 UTC
All published