"A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player through 3.2.8 for iOS, and through 3.0.10 for macOS, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file."
@maintainer(s), please bump to 3.0.11.
@maintainer(s), please advise if ready for stabilisation, or call yourself
Unable to check for sanity:
> package masked: media-video/vlc-3.0.11, by keywords: -sparc
All sanity-check issues have been resolved
This doesn't affect us: https://www.videolan.org/security/sb-vlc3011.html
"The affected code was only used by macOS/iOS hardware accelerated decoder (VideoToolbox), meaning other platforms are unaffected."