CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Microsoft Windows specific usage questions
Forum rules
Please post only Windows specific questions in this forum category. If you don't know where to post, please read the different forums' rules. Thanks.
avanvooren
New Cone
New Cone
Posts: 3
Joined: 31 Jul 2019 21:42

CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Postby avanvooren » 31 Jul 2019 21:49

CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows) claims there is a vulnerability rating a 6.8 score. Does anybody know of any plans to address it with an upgrade? ETA?

Alternatively, how does one contact VLC directly to ask this question?

Thanks.

BlockSolid
Blank Cone
Blank Cone
Posts: 11
Joined: 28 Jul 2019 15:11
VLC version: 3.0.7.1
Operating System: Windows 10 v1809

Re: CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Postby BlockSolid » 31 Jul 2019 22:37

If you do some research by using google and looking at comments, it isn't as severe as it has been claimed at start and has been fixed long time ago.

https://twitter.com/videolan
https://threader.app/thread/1153963312981389312
Last edited by BlockSolid on 31 Jul 2019 22:58, edited 1 time in total.

Rémi Denis-Courmont
Developer
Developer
Posts: 15266
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Postby Rémi Denis-Courmont » 31 Jul 2019 22:40

If you have a question about ratings, ask the ones making the ratings.

As far as I am concerned, this is a very minor vulnerability - it will just crash the player if you open a corrupt file.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

Lotesdelere
Cone Master
Cone Master
Posts: 9967
Joined: 08 Sep 2006 04:39
Location: Europe

Re: CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Postby Lotesdelere » 01 Aug 2019 11:52

https://forum.videolan.org/viewtopic.php?f=14&t=150209

avanvooren
New Cone
New Cone
Posts: 3
Joined: 31 Jul 2019 21:42

Re: CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Postby avanvooren » 01 Aug 2019 14:09

Although I sincerely do appreciate the links to the information, whether it is justified or not wasn't the question. It was scored as it was, and the best recourse, imho, is to address it through the channels that created the issue.

From one of the linked articles I gather it seems they have, but without success. I would suggest, for the benefit of any VLC staff reading this post that can help, they redouble their efforts on getting the issue solved somehow at the source of it, whether by getting the score to more accurately reflect the potential or convincing them it is fixed, so it does not show up at all or can be found to be remedied with an update. In my environment, the auditors tend to side with the issues and expect actual efforts to remedy it, not debates as to whether it is a righteous issue to begin with.

But again, thanks to all for kindly providing the information. At present, noting it seems to be as much as can be done.

Rémi Denis-Courmont
Developer
Developer
Posts: 15266
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Postby Rémi Denis-Courmont » 01 Aug 2019 17:35

https://forum.videolan.org/viewtopic.php?f=14&t=150209
OP is asking about CVE-2019-13602. That thread is about CVE-2019-13615. Please don't confuse people with incorrect references.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

avanvooren
New Cone
New Cone
Posts: 3
Joined: 31 Jul 2019 21:42

Re: CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Postby avanvooren » 01 Aug 2019 22:22

I didn't see a concrete reference to any CVE in either of the articles I read.


Return to “VLC media player for Windows Troubleshooting”

Who is online

Users browsing this forum: Google [Bot] and 51 guests