Vulnerability-Lookup

CVE-2020-13428 (GCVE-0-2020-13428)

Vulnerability from cvelistv5 – Published: 2020-06-08 18:13 – Updated: 2024-08-04 12:18

Summary

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

5 references

URL	Tags
https://github.com/videolan/vlc/commits/master/mo…	x_refsource_MISC
http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=co…	x_refsource_MISC
https://github.com/videolan/vlc-3.0/releases/tag/3.0.11	x_refsource_CONFIRM
https://www.debian.org/security/2020/dsa-4704	vendor-advisoryx_refsource_DEBIAN
https://www.videolan.org/security/sb-vlc3011.html	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:18:18.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11"
          },
          {
            "name": "DSA-4704",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4704"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.videolan.org/security/sb-vlc3011.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-19T15:04:24.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11"
        },
        {
          "name": "DSA-4704",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4704"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.videolan.org/security/sb-vlc3011.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13428",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c",
              "refsource": "MISC",
              "url": "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c"
            },
            {
              "name": "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0",
              "refsource": "MISC",
              "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0"
            },
            {
              "name": "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11",
              "refsource": "CONFIRM",
              "url": "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11"
            },
            {
              "name": "DSA-4704",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4704"
            },
            {
              "name": "https://www.videolan.org/security/sb-vlc3011.html",
              "refsource": "CONFIRM",
              "url": "https://www.videolan.org/security/sb-vlc3011.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-13428",
    "datePublished": "2020-06-08T18:13:04.000Z",
    "dateReserved": "2020-05-23T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:18:18.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-13428",
      "date": "2026-05-30",
      "epss": "0.0692",
      "percentile": "0.91542"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-13428\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-06-08T19:15:10.580\",\"lastModified\":\"2024-11-21T05:01:14.460\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n hxxx_AnnexB_to_xVC en el archivo modules/packetizer/hxxx_nal.c  en el reproductor multimedia VideoLAN VLC en versines anteriores a la 3.0.11 para macOS/iOS permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de la aplicaci\u00f3n) o ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un archivo de v\u00eddeo H.264 Anexo-B elaborado (.avi por ejemplo)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:iphone_os:*:*\",\"versionEndExcluding\":\"3.0.11\",\"matchCriteriaId\":\"02E30712-5A58-4DA5-95B5-6336DA1754F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:macos:*:*\",\"versionEndExcluding\":\"3.0.11\",\"matchCriteriaId\":\"472504D8-7E66-4B5E-B5FA-DCFC5D2D33FA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/videolan/vlc-3.0/releases/tag/3.0.11\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4704\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.videolan.org/security/sb-vlc3011.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/videolan/vlc-3.0/releases/tag/3.0.11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4704\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.videolan.org/security/sb-vlc3011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

WID-SEC-W-2023-1516

Vulnerability from csaf_certbund - Published: 2020-06-08 22:00 - Updated: 2023-06-20 22:00

Summary

VLC: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: VLC Media Player ist ein Programm zur Wiedergabe von Multimedia-Dateien und Netzwerkstreams.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VLC ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder um einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme: - MacOS X - iPhoneOS

CVE-2020-13428

In VLC für iOS und VLC für macOS existiert eine Schwachstelle aufgrund eines heap-basierten Pufferüberlaufs in der Funktion "hxxx_AnnexB_to_xVC" in [modules/packetizer/hxxx_nal.c]. Ein Angreifer kann eine speziell gestaltete Videodatei in H.264 Annex-B-Kodierung verwenden, um beliebigen Code auszuführen oder die Anwendung zum Absturz zu bringen. Für eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine bösartig gestaltete Videodatei zu öffnen.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Open Source VLC iOS <= 3.2.8 Open Source / VLC	`cpe:/a:videolan:vlc_media_player:3.2.8::ios`	—
Open Source VLC macOS <= 3.0.10 Open Source / VLC	`cpe:/a:videolan:vlc_media_player:3.0.10::macos`	—

References

6 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://ubuntu.com/security/notices/USN-6180-1	external
https://github.com/videolan/vlc-3.0/releases/tag/3.0.11	external
https://nvd.nist.gov/vuln/detail/CVE-2020-13428	external
https://www.debian.org/security/2020/dsa-4704	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "VLC Media Player ist ein Programm zur Wiedergabe von Multimedia-Dateien und Netzwerkstreams.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VLC ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuf\u00fchren oder um einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X\n- iPhoneOS",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1516 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-1516.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1516 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1516"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6180-1 vom 2023-06-21",
        "url": "https://ubuntu.com/security/notices/USN-6180-1"
      },
      {
        "category": "external",
        "summary": "VLC Release 3.0.11 vom 2020-06-04",
        "url": "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2020-13428 vom 2020-06-08",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13428"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4704 vom 2020-06-17",
        "url": "https://www.debian.org/security/2020/dsa-4704"
      }
    ],
    "source_lang": "en-US",
    "title": "VLC: Schwachstelle erm\u00f6glicht Ausf\u00fchren von beliebigem Programmcode",
    "tracking": {
      "current_release_date": "2023-06-20T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:52:49.205+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1516",
      "initial_release_date": "2020-06-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-06-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-06-16T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-06-20T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source VLC iOS \u003c= 3.2.8",
                "product": {
                  "name": "Open Source VLC iOS \u003c= 3.2.8",
                  "product_id": "T016693",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:videolan:vlc_media_player:3.2.8::ios"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source VLC macOS \u003c= 3.0.10",
                "product": {
                  "name": "Open Source VLC macOS \u003c= 3.0.10",
                  "product_id": "T016694",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:videolan:vlc_media_player:3.0.10::macos"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "VLC"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-13428",
      "notes": [
        {
          "category": "description",
          "text": "In VLC f\u00fcr iOS und VLC f\u00fcr macOS existiert eine Schwachstelle aufgrund eines heap-basierten Puffer\u00fcberlaufs in der Funktion \"hxxx_AnnexB_to_xVC\" in [modules/packetizer/hxxx_nal.c]. Ein Angreifer kann eine speziell gestaltete Videodatei in H.264 Annex-B-Kodierung verwenden, um beliebigen Code auszuf\u00fchren oder die Anwendung zum Absturz zu bringen. F\u00fcr eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine b\u00f6sartig gestaltete Videodatei zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T000126"
        ],
        "last_affected": [
          "T016693",
          "T016694"
        ]
      },
      "release_date": "2020-06-08T22:00:00.000+00:00",
      "title": "CVE-2020-13428"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-13428 (GCVE-0-2020-13428)

WID-SEC-W-2023-1516

Tags

Sightings

Nomenclature