What is CVE-2019-5459?

CVE-2019-5459 is a high-severity software vulnerability (CWE-191) with a CVSS score of 7.1. An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.

Is CVE-2019-5459 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 3%.

What products does CVE-2019-5459 affect?

Tracked products affected include VLC media player. Check the version you run to see whether it is affected.

How do I fix CVE-2019-5459?

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

← All products

CVE-2019-5459

Q: Is CVE-2019-5459 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 3%.

Q: What products does CVE-2019-5459 affect?

Tracked products affected include VLC media player. Check the version you run to see whether it is affected.

Q: How do I fix CVE-2019-5459?

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

HIGH severity · CVSS 7.1 · CWE-191

7.1CVSS HIGH

Summary

An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.

Impact & exploitability

Attack vectorLocal

Attack complexityLow

Privileges requiredNone

User interactionRequired

Confidentiality impactHigh

Integrity impactNone

Availability impactHigh

Exploit probability (EPSS)3%

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Affected products we track (1)

VLC media player

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

NVD record
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.htmlAdvisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.htmlAdvisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.htmlAdvisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.htmlAdvisory
https://hackerone.com/reports/502816Advisory