An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
Weakness
The product calls free() twice on the same memory address.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vlc_media_player | Videolan | 3.0.0 (including) | 3.0.7 (including) |
| Vlc | Ubuntu | bionic | * |
| Vlc | Ubuntu | cosmic | * |
| Vlc | Ubuntu | disco | * |
| Vlc | Ubuntu | esm-apps/bionic | * |
| Vlc | Ubuntu | esm-apps/xenial | * |
| Vlc | Ubuntu | trusty | * |
| Vlc | Ubuntu | upstream | * |
| Vlc | Ubuntu | xenial | * |
Potential Mitigations
References
- http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=81023659c7de5ac2637b4a879195efef50846102
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
- http://www.securityfocus.com/bid/108882
- https://security.gentoo.org/glsa/201908-23
- https://usn.ubuntu.com/4074-1/
- http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=81023659c7de5ac2637b4a879195efef50846102
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
- http://www.securityfocus.com/bid/108882
- https://security.gentoo.org/glsa/201908-23
- https://usn.ubuntu.com/4074-1/