CVE-2019-13615 : libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player bin

libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.

Published 2019-07-16 17:15:13

Updated 2020-08-24 17:37:01

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-13615

Videolan » Vlc Media Player
Versions before (<) 3.0.3
cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2019-13615

Top countries where our scanners detected CVE-2019-13615

Top open port discovered on systems with this issue 80

IPs affected by CVE-2019-13615 487

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2019-13615!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2019-13615

EPSS FAQ

0.30%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 53 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-13615

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2019-13615

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-13615

http://www.securityfocus.com/bid/109304

VideoLAN VLC CVE-2019-13615 Heap Based Buffer Overflow Vulnerability
Third Party Advisory;VDB Entry
https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6

Exit the max size loop when there's nothing left possible to find · Matroska-Org/libebml@b66ca47 · GitHub
https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0

Check the max size to read before actually reading · Matroska-Org/libebml@05beb69 · GitHub
https://github.com/Matroska-Org/libebml/compare/release-1.3.5...release-1.3.6

Comparing release-1.3.5...release-1.3.6 · Matroska-Org/libebml · GitHub
https://usn.ubuntu.com/4073-1/

USN-4073-1: libEBML vulnerability | Ubuntu security notices
https://trac.videolan.org/vlc/ticket/22474

#22474 (heap-buffer-overflow on demux_sys_t::FreeUnused) – VLC
Exploit;Issue Tracking;Vendor Advisory