libvlc5-3.0.16-1.5 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11502-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libvlc5-3.0.16-1.5 on GA media These are all security issues fixed in the libvlc5-3.0.16-1.5 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11502 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-10699/ SUSE CVE CVE-2017-10699 page https://www.suse.com/security/cve/CVE-2017-9300/ SUSE CVE CVE-2017-9300 page https://www.suse.com/security/cve/CVE-2018-19857/ SUSE CVE CVE-2018-19857 page https://www.suse.com/security/cve/CVE-2019-13602/ SUSE CVE CVE-2019-13602 page https://www.suse.com/security/cve/CVE-2019-13962/ SUSE CVE CVE-2019-13962 page https://www.suse.com/security/cve/CVE-2019-14437/ SUSE CVE CVE-2019-14437 page https://www.suse.com/security/cve/CVE-2019-14498/ SUSE CVE CVE-2019-14498 page https://www.suse.com/security/cve/CVE-2019-14533/ SUSE CVE CVE-2019-14533 page https://www.suse.com/security/cve/CVE-2019-14534/ SUSE CVE CVE-2019-14534 page https://www.suse.com/security/cve/CVE-2019-14535/ SUSE CVE CVE-2019-14535 page https://www.suse.com/security/cve/CVE-2019-14776/ SUSE CVE CVE-2019-14776 page https://www.suse.com/security/cve/CVE-2019-14777/ SUSE CVE CVE-2019-14777 page https://www.suse.com/security/cve/CVE-2019-14970/ SUSE CVE CVE-2019-14970 page https://www.suse.com/security/cve/CVE-2019-5439/ SUSE CVE CVE-2019-5439 page https://www.suse.com/security/cve/CVE-2019-5460/ SUSE CVE CVE-2019-5460 page https://www.suse.com/security/cve/CVE-2020-13428/ SUSE CVE CVE-2020-13428 page https://www.suse.com/security/cve/CVE-2020-26664/ SUSE CVE CVE-2020-26664 page openSUSE Tumbleweed libvlc5-3.0.16-1.5 libvlccore9-3.0.16-1.5 vlc-3.0.16-1.5 vlc-codec-gstreamer-3.0.16-1.5 vlc-devel-3.0.16-1.5 vlc-jack-3.0.16-1.5 vlc-lang-3.0.16-1.5 vlc-noX-3.0.16-1.5 vlc-opencv-3.0.16-1.5 vlc-qt-3.0.16-1.5 vlc-vdpau-3.0.16-1.5 libvlc5-3.0.16-1.5 as a component of openSUSE Tumbleweed libvlccore9-3.0.16-1.5 as a component of openSUSE Tumbleweed vlc-3.0.16-1.5 as a component of openSUSE Tumbleweed vlc-codec-gstreamer-3.0.16-1.5 as a component of openSUSE Tumbleweed vlc-devel-3.0.16-1.5 as a component of openSUSE Tumbleweed vlc-jack-3.0.16-1.5 as a component of openSUSE Tumbleweed vlc-lang-3.0.16-1.5 as a component of openSUSE Tumbleweed vlc-noX-3.0.16-1.5 as a component of openSUSE Tumbleweed vlc-opencv-3.0.16-1.5 as a component of openSUSE Tumbleweed vlc-qt-3.0.16-1.5 as a component of openSUSE Tumbleweed vlc-vdpau-3.0.16-1.5 as a component of openSUSE Tumbleweed avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution. CVE-2017-10699 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10699.html CVE-2017-10699 plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file. CVE-2017-9300 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9300.html CVE-2017-9300 https://bugzilla.suse.com/1041907 SUSE Bug 1041907 The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. CVE-2018-19857 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-19857.html CVE-2018-19857 https://bugzilla.suse.com/1118586 SUSE Bug 1118586 An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. CVE-2019-13602 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13602.html CVE-2019-13602 https://bugzilla.suse.com/1141522 SUSE Bug 1141522 https://bugzilla.suse.com/1146428 SUSE Bug 1146428 lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. CVE-2019-13962 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13962.html CVE-2019-13962 https://bugzilla.suse.com/1142161 SUSE Bug 1142161 https://bugzilla.suse.com/1146428 SUSE Bug 1146428 The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. CVE-2019-14437 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14437.html CVE-2019-14437 https://bugzilla.suse.com/1146428 SUSE Bug 1146428 A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. CVE-2019-14498 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14498.html CVE-2019-14498 https://bugzilla.suse.com/1146428 SUSE Bug 1146428 The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. CVE-2019-14533 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14533.html CVE-2019-14533 https://bugzilla.suse.com/1146428 SUSE Bug 1146428 In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. CVE-2019-14534 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14534.html CVE-2019-14534 https://bugzilla.suse.com/1146428 SUSE Bug 1146428 A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. CVE-2019-14535 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14535.html CVE-2019-14535 https://bugzilla.suse.com/1146428 SUSE Bug 1146428 A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. CVE-2019-14776 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14776.html CVE-2019-14776 https://bugzilla.suse.com/1146428 SUSE Bug 1146428 The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. CVE-2019-14777 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14777.html CVE-2019-14777 https://bugzilla.suse.com/1146428 SUSE Bug 1146428 A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. CVE-2019-14970 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14970.html CVE-2019-14970 https://bugzilla.suse.com/1146428 SUSE Bug 1146428 A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. CVE-2019-5439 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5439.html CVE-2019-5439 https://bugzilla.suse.com/1138354 SUSE Bug 1138354 Double Free in VLC versions <= 3.0.6 leads to a crash. CVE-2019-5460 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5460.html CVE-2019-5460 https://bugzilla.suse.com/1143547 SUSE Bug 1143547 A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. CVE-2020-13428 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-13428.html CVE-2020-13428 https://bugzilla.suse.com/1172727 SUSE Bug 1172727 A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. CVE-2020-26664 openSUSE Tumbleweed:libvlc5-3.0.16-1.5 openSUSE Tumbleweed:libvlccore9-3.0.16-1.5 openSUSE Tumbleweed:vlc-3.0.16-1.5 openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5 openSUSE Tumbleweed:vlc-devel-3.0.16-1.5 openSUSE Tumbleweed:vlc-jack-3.0.16-1.5 openSUSE Tumbleweed:vlc-lang-3.0.16-1.5 openSUSE Tumbleweed:vlc-noX-3.0.16-1.5 openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5 openSUSE Tumbleweed:vlc-qt-3.0.16-1.5 openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-26664.html CVE-2020-26664 https://bugzilla.suse.com/1180755 SUSE Bug 1180755