The issue can be corrected by upgrading fribidi packages to the latest available version.

CVE-2018-13544 In LibVLC, a heap-based buffer overflow was found in the vlc_parse_config() function of vlc.c, which is called when parsing '--vsync' or '--vsync-input' options. This could cause the application to crash and possibly run arbitrary code if a user were to pass a specially crafted configuration file with the 'vsync' or 'vsync-input' options enabled.

CVE-2018-13591 In LibVLC, a heap-based buffer overflow was found in the vlc_pix_fmts_get_size() function of vlc/pixfmt.c. A specially crafted audio file passed to the LibVLC media player application could cause a crash and possibly run arbitrary code.

CVE-2018-13767 An issue was discovered in libvpx. A user-controlled data flow in the vp9_init_decode_post_fd() function in vp9/vp9_init.c allowed an attacker to pass a maliciously crafted vp9/config file with a 'decode_post_x_mm' filter enabled to cause a crash and possibly execute arbitrary code with access to the vp9_decode_post_frame() function.

Credit goes to the following websites:

www.sigaint.org
www.f-secure.com

Weak Input Validation in LibVPX

In LibVPX, a user-controlled data flow in the vp9_init_decode_post_fd() function in vp9/vp9_init.c allowed an attacker to pass a maliciously crafted vp9/config file with a 'decode_post_x_mm' filter enabled to cause a crash and possibly execute arbitrary code with access to the vp9_decode_post_frame() function.

Timeline

Published on: 09/06/2022 18:15:00 UTC
Last modified on: 09/09/2022 15:54:00 UTC

References