{"id":"MGASA-2020-0272","summary":"Updated vlc packages fix security vulnerability","details":"Updated vlc packages fix a security vulnerability:\n\nA heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in\nmodules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11\nallows remote attackers to cause a denial of service (application crash)\nor execute arbitrary code via a crafted H.264 Annex-B video (.avi for\nexample) file (CVE-2020-13428).\n\nThe vlc package has been updated to version 3.0.11, fixing this issue and\nother bugs.\n","modified":"2026-02-04T03:40:47.592922Z","published":"2020-07-04T22:47:21Z","related":["CVE-2020-13428"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0272.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26809"},{"type":"REPORT","url":"https://git.videolan.org/?p=vlc/vlc-3.0.git;a=blob;f=NEWS;h=5a61ba26cec611bbc045fb235d40eba9e0a88ccf;hb=dc0c5ced7230e5660142302c7c1aef6cc14f3564"}],"affected":[{"package":{"name":"vlc","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/vlc?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.11-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0272.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}