[www-doc] [Git][VideoLAN.org/websites][master] sb-vlc3011: Clarify affected platforms
Jean-Baptiste Kempf
gitlab at videolan.org
Thu Jun 18 20:46:45 CEST 2020
Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites
Commits:
2272a864 by Hugo Beauzée-Luyssen at 2020-06-18T20:45:43+02:00
sb-vlc3011: Clarify affected platforms
- - - - -
1 changed file:
- www.videolan.org/security/sb-vlc3011.php
Changes:
=====================================
www.videolan.org/security/sb-vlc3011.php
=====================================
@@ -22,6 +22,7 @@ CVE references : CVE-2020-13428
<p>A remote user could create a specifically crafted file that could trigger a buffer overflow in VLC's H26X packetizer</p>
<h2>Impact</h2>
+<p>The affected code was only used by macOS/iOS hardware accelerated decoder (VideoToolbox), meaning other platforms are unaffected.</p>
<p>If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user.</p>
<p>While these issues in themselves are most likely to just crash the player, we can't exclude that they could be combined to leak user informations or
remotely execute code. ASLR and DEP help reduce the likelyness of code execution, but may be bypassed.</p>
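Review bot: the new paragraph under <h2>Impact</h2> limits the issue to the VideoToolbox decoder, but the description paragraph just above the heading still says only "VLC's H26X packetizer", and the two Impact paragraphs that follow remain unconditional. A reader who skims either part could miss the platform restriction, so consider also stating the macOS/iOS scope in the description sentence. On wording, "by macOS/iOS hardware accelerated decoder" is missing an article and a hyphen ("by the macOS/iOS hardware-accelerated decoder"). The past tense "was only used" also leaves open whether it describes the affected versions or the current code; "is only used ... in the affected versions" would remove the ambiguity.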
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/2272a8642b2f7c733dfd078b8aaec5b38f08e8d6