vlc: heap-based buffer overflow and crash (CVE-2019-13602)
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-13602
Patches:
- https://git.videolan.org/?p=vlc.git;a=patch;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491
- https://git.videolan.org/?p=vlc.git;a=patch;h=b2b157076d9e94df34502dd8df0787deb940e938