Off-by-one Error in DecodeBlock Function in VLC Media Player Allows Remote Memory Corruption

CVE-2019-19721 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.
