Vulnerabilities > CVE-2019-5460 - Double Free vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

videolan

opensuse

CWE-415

nessus

NVD

Published: 2019-07-30

Updated: 2023-03-03

Summary

Double Free in VLC versions <= 3.0.6 leads to a crash.

Vulnerable Configurations

Part	Description	Count
Application	Videolan Videolan VLC Media Player - Videolan VLC Media Player 0.1.99A Videolan VLC Media Player 0.1.99B Videolan VLC Media Player 0.1.99C Videolan VLC Media Player 0.1.99D Videolan VLC Media Player 0.1.99E Videolan VLC Media Player 0.1.99F Videolan VLC Media Player 0.1.99G Videolan VLC Media Player 0.1.99H Videolan VLC Media Player 0.1.99I Videolan VLC Media Player 0.2.0 Videolan VLC Media Player 0.2.50 Videolan VLC Media Player 0.2.60 Videolan VLC Media Player 0.2.61 Videolan VLC Media Player 0.2.62 Videolan VLC Media Player 0.2.63 Videolan VLC Media Player 0.2.70 Videolan VLC Media Player 0.2.71 Videolan VLC Media Player 0.2.72 Videolan VLC Media Player 0.2.73 Videolan VLC Media Player 0.2.80 Videolan VLC Media Player 0.2.81 Videolan VLC Media Player 0.2.82 Videolan VLC Media Player 0.2.83 Videolan VLC Media Player 0.2.90 Videolan VLC Media Player 0.2.91 Videolan VLC Media Player 0.2.92 Videolan VLC Media Player 0.3.0 Videolan VLC Media Player 0.3.1 Videolan VLC Media Player 0.4.0 Videolan VLC Media Player 0.4.1 Videolan VLC Media Player 0.4.2 Videolan VLC Media Player 0.4.3 Videolan VLC Media Player 0.4.3-Ac3 Videolan VLC Media Player 0.4.4 Videolan VLC Media Player 0.4.5 Videolan VLC Media Player 0.4.6 Videolan VLC Media Player 0.5.0 Videolan VLC Media Player 0.5.1 Videolan VLC Media Player 0.5.1A Videolan VLC Media Player 0.5.2 Videolan VLC Media Player 0.5.3 Videolan VLC Media Player 0.6.0 Videolan VLC Media Player 0.6.1 Videolan VLC Media Player 0.6.2 Videolan VLC Media Player 0.7.0 Videolan VLC Media Player 0.7.1 Videolan VLC Media Player 0.7.2 Videolan VLC Media Player 0.8.0 Videolan VLC Media Player 0.8.1 Videolan VLC Media Player 0.8.2 Videolan VLC Media Player 0.8.4 Videolan VLC Media Player 0.8.4A Videolan VLC Media Player 0.8.5 Videolan VLC Media Player 0.8.6 Videolan VLC Media Player 0.8.6A Videolan VLC Media Player 0.8.6B Videolan VLC Media Player 0.8.6C Videolan VLC Media Player 0.8.6D Videolan VLC Media Player 0.8.6E Videolan VLC Media Player 0.8.6F Videolan VLC Media Player 0.8.6G Videolan VLC Media Player 0.8.6H Videolan VLC Media Player 0.8.6I Videolan VLC Media Player 0.8.1337 Videolan VLC Media Player 0.9.0 Videolan VLC Media Player 0.9.1 Videolan VLC Media Player 0.9.2 Videolan VLC Media Player 0.9.3 Videolan VLC Media Player 0.9.4 Videolan VLC Media Player 0.9.5 Videolan VLC Media Player 0.9.6 Videolan VLC Media Player 0.9.8A Videolan VLC Media Player 0.9.9 Videolan VLC Media Player 0.9.9A Videolan VLC Media Player 0.9.10 Videolan VLC Media Player 1.0.0 Videolan VLC Media Player 1.0.1 Videolan VLC Media Player 1.0.2 Videolan VLC Media Player 1.0.3 Videolan VLC Media Player 1.0.4 Videolan VLC Media Player 1.0.5 Videolan VLC Media Player 1.0.6 Videolan VLC Media Player 1.1.0 Videolan VLC Media Player 1.1.1 Videolan VLC Media Player 1.1.2 Videolan VLC Media Player 1.1.3 Videolan VLC Media Player 1.1.4 Videolan VLC Media Player 1.1.4.1 Videolan VLC Media Player 1.1.5 Videolan VLC Media Player 1.1.6 Videolan VLC Media Player 1.1.6.1 Videolan VLC Media Player 1.1.7 Videolan VLC Media Player 1.1.8 Videolan VLC Media Player 1.1.9 Videolan VLC Media Player 1.1.10 Videolan VLC Media Player 1.1.10.1 Videolan VLC Media Player 1.1.11 Videolan VLC Media Player 1.1.12 Videolan VLC Media Player 1.1.13 Videolan VLC Media Player 2.0.0 Videolan VLC Media Player 2.0.1 Videolan VLC Media Player 2.0.2 Videolan VLC Media Player 2.0.3 Videolan VLC Media Player 2.0.4 Videolan VLC Media Player 2.0.5 Videolan VLC Media Player 2.0.6 Videolan VLC Media Player 2.0.7 Videolan VLC Media Player 2.0.8 Videolan VLC Media Player 2.0.9 Videolan VLC Media Player 2.1.0 Videolan VLC Media Player 2.1.1 Videolan VLC Media Player 2.1.2 Videolan VLC Media Player 2.1.3 Videolan VLC Media Player 2.1.5 Videolan VLC Media Player 2.1.6 Videolan VLC Media Player 2.2.0 Videolan VLC Media Player 2.2.1 Videolan VLC Media Player 2.2.2 Videolan VLC Media Player 2.2.3 Videolan VLC Media Player 2.2.4 Videolan VLC Media Player 2.2.5 Videolan VLC Media Player 2.2.5.1 Videolan VLC Media Player 2.2.6 Videolan VLC Media Player 2.2.7 Videolan VLC Media Player 2.2.8 Videolan VLC Media Player 3.0.0 Videolan VLC Media Player 3.0.1 Videolan VLC Media Player 3.0.2 Videolan VLC Media Player 3.0.3 Videolan VLC Media Player 3.0.4 Videolan VLC Media Player 3.0.5 Videolan VLC Media Player 3.0.6	134
OS	Opensuse Opensuse Leap 15.0 Opensuse Leap 15.1 Opensuse Backports Sle-15	4

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1909.NASL
description	This update for vlc to version 3.0.7.1 fixes the following issues : Security issues fixed : - CVE-2019-5439: Fixed a buffer overflow (bsc#1138354). - CVE-2019-5459: Fixed an integer underflow (bsc#1143549). - CVE-2019-5460: Fixed a double free (bsc#1143547). - CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933). - CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522). - CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161). Non-security issues fixed : - Video Output : - Fix hardware acceleration with some AMD drivers - Improve direct3d11 HDR support - Access : - Improve Blu-ray support - Audio output : - Fix pass-through on Android-23 - Fix DirectSound drain - Demux: Improve MP4 support - Video Output : - Fix 12 bits sources playback with Direct3D11 - Fix crash on iOS - Fix midstream aspect-ratio changes when Windows hardware decoding is on - Fix HLG display with Direct3D11 - Stream Output: Improve Chromecast support with new ChromeCast apps - Misc : - Update Youtube, Dailymotion, Vimeo, Soundcloud scripts - Work around busy looping when playing an invalid item with loop enabled - Updated translations. New package libaom : - Initial version 1.0.0 - A library for AOMedia Video 1 (AV1), an open, royalty-free video coding format designed for video transmissions over the Internet.
last seen	2020-05-09
modified	2019-08-20
plugin id	128001
published	2019-08-20
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128001
title	openSUSE Security Update : vlc (openSUSE-2019-1909)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1909. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(128001); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/08"); script_cve_id("CVE-2018-19857", "CVE-2019-12874", "CVE-2019-13602", "CVE-2019-13962", "CVE-2019-5439", "CVE-2019-5459", "CVE-2019-5460"); script_xref(name:"IAVB", value:"2019-B-0074-S"); script_name(english:"openSUSE Security Update : vlc (openSUSE-2019-1909)"); script_summary(english:"Check for the openSUSE-2019-1909 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for vlc to version 3.0.7.1 fixes the following issues : Security issues fixed : - CVE-2019-5439: Fixed a buffer overflow (bsc#1138354). - CVE-2019-5459: Fixed an integer underflow (bsc#1143549). - CVE-2019-5460: Fixed a double free (bsc#1143547). - CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933). - CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522). - CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161). Non-security issues fixed : - Video Output : - Fix hardware acceleration with some AMD drivers - Improve direct3d11 HDR support - Access : - Improve Blu-ray support - Audio output : - Fix pass-through on Android-23 - Fix DirectSound drain - Demux: Improve MP4 support - Video Output : - Fix 12 bits sources playback with Direct3D11 - Fix crash on iOS - Fix midstream aspect-ratio changes when Windows hardware decoding is on - Fix HLG display with Direct3D11 - Stream Output: Improve Chromecast support with new ChromeCast apps - Misc : - Update Youtube, Dailymotion, Vimeo, Soundcloud scripts - Work around busy looping when playing an invalid item with loop enabled - Updated translations. New package libaom : - Initial version 1.0.0 - A library for AOMedia Video 1 (AV1), an open, royalty-free video coding format designed for video transmissions over the Internet." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093732" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094893" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118586" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133290" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138354" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138933" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141522" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142161" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1143547" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1143549" ); script_set_attribute(attribute:"solution", value:"Update the affected vlc packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:aom-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:aom-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libaom-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libaom-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libaom0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libaom0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlc5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlc5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlccore9"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlccore9-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-codec-gstreamer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-codec-gstreamer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-jack"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-jack-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-lang"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-noX"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-noX-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-qt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-vdpau"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-vdpau-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"aom-tools-1.0.0-lp150.2.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"aom-tools-debuginfo-1.0.0-lp150.2.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libaom-debugsource-1.0.0-lp150.2.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libaom-devel-1.0.0-lp150.2.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libaom0-1.0.0-lp150.2.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libaom0-debuginfo-1.0.0-lp150.2.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvlc5-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvlc5-debuginfo-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvlccore9-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvlccore9-debuginfo-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-codec-gstreamer-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-codec-gstreamer-debuginfo-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-debuginfo-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-debugsource-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-devel-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-jack-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-jack-debuginfo-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-lang-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-noX-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-noX-debuginfo-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-qt-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-qt-debuginfo-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-vdpau-3.0.7.1-lp150.8.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"vlc-vdpau-debuginfo-3.0.7.1-lp150.8.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "aom-tools / aom-tools-debuginfo / libaom-debugsource / libaom-devel / etc"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1840.NASL
description	This update for vlc to version 3.0.7.1 fixes the following issues : Security issues fixed : - CVE-2019-5439: Fixed a buffer overflow (bsc#1138354). - CVE-2019-5459: Fixed an integer underflow (bsc#1143549). - CVE-2019-5460: Fixed a double free (bsc#1143547). - CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933). - CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522). - CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161). Non-security issues fixed : - Video Output : - Fix hardware acceleration with some AMD drivers - Improve direct3d11 HDR support - Access : - Improve Blu-ray support - Audio output : - Fix pass-through on Android-23 - Fix DirectSound drain - Demux: Improve MP4 support - Video Output : - Fix 12 bits sources playback with Direct3D11 - Fix crash on iOS - Fix midstream aspect-ratio changes when Windows hardware decoding is on - Fix HLG display with Direct3D11 - Stream Output: Improve Chromecast support with new ChromeCast apps - Misc : - Update Youtube, Dailymotion, Vimeo, Soundcloud scripts - Work around busy looping when playing an invalid item with loop enabled - Updated translations.
last seen	2020-05-09
modified	2019-08-12
plugin id	127743
published	2019-08-12
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127743
title	openSUSE Security Update : vlc (openSUSE-2019-1840)

NASL family	Windows
NASL id	VLC_3_0_7.NASL
description	The version of VLC media player installed on the remote host is earlier than 3.0.7. It is, therefore, affected by multiple vulnerabilities: - A heap-based buffer overflow condition exists in ReadFrame due to improper parsing of AVI files. A remote attacker can exploit this by tricking a user into opening a specially crafted avi file to cause a denial of service condition or the execution of arbitrary code.(CVE-2019-5439) - A double free vulnerability exists in zlib_decompress_extra due to improper parsing of MKV files. A remote attacker can exploit this by tricking a user into opening a specially crafted MKV file to cause a denial of service condition or the execution of arbitrary code.(CVE-2019-12874) - An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read..(CVE-2019-5459) - A double free vulnerability exists which lead to VLC application to crash. (CVE-2019-5460)
last seen	2020-05-31
modified	2019-06-25
plugin id	126246
published	2019-06-25
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/126246
title	VLC < 3.0.7 Multiple Vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References