CVE Vulnerabilities

CVE-2019-5459

Integer Underflow (Wrap or Wraparound)

Published: Jul 30, 2019 | Modified: Nov 03, 2021
CVSS 3.x
7.1
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.

Weakness

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Affected Software

Name Vendor Start Version End Version
Vlc_media_player Videolan * 3.0.7 (excluding)
Faad2 Ubuntu bionic *
Faad2 Ubuntu disco *
Faad2 Ubuntu eoan *
Faad2 Ubuntu groovy *
Faad2 Ubuntu hirsute *
Faad2 Ubuntu impish *
Faad2 Ubuntu kinetic *
Faad2 Ubuntu lunar *
Faad2 Ubuntu mantic *
Faad2 Ubuntu trusty *
Faad2 Ubuntu trusty/esm *
Faad2 Ubuntu xenial *
Vlc Ubuntu trusty *

References