http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0

https://github.com/videolan/vlc-3.0/releases/tag/3.0.11

https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c

https://www.debian.org/security/2020/dsa-4704

https://www.videolan.org/security/sb-vlc3011.html

MITRE http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0 [No types assigned]

MITRE http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0

OR
     *cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.11

OR
     *cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:iphone_os:*:* versions up to (excluding) 3.0.11
     *cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:macos:*:* versions up to (excluding) 3.0.11

OR
     *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
     *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

https://www.debian.org/security/2020/dsa-4704 No Types Assigned

https://www.debian.org/security/2020/dsa-4704 Third Party Advisory

https://www.videolan.org/security/sb-vlc3011.html No Types Assigned

https://www.videolan.org/security/sb-vlc3011.html Vendor Advisory

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.

https://www.videolan.org/security/sb-vlc3011.html [No Types Assigned]

https://www.debian.org/security/2020/dsa-4704 [No Types Assigned]

NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

NIST (AV:N/AC:M/Au:N/C:P/I:P/A:P)

NIST CWE-787

OR
     *cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.11

http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0 No Types Assigned

http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0 Patch, Third Party Advisory

https://github.com/videolan/vlc-3.0/releases/tag/3.0.11 No Types Assigned

https://github.com/videolan/vlc-3.0/releases/tag/3.0.11 Release Notes, Third Party Advisory

https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c No Types Assigned

https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c Patch, Third Party Advisory

Victim must voluntarily interact with attack mechanism

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player through 3.2.8 for iOS, and through 3.0.10 for macOS, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.