CVE-2019-18278

EUVD-2019-8067
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
videolanvlc_media_player
3.0.8
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vlc
bionic
not-affected
disco
not-affected
eoan
not-affected
trusty
dne
xenial
not-affected
References
https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html
https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html