Description: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player through 3.2.8 for iOS, and through 3.0.10 for macOS, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file." Patch: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commitdiff;h=d5c43c21c747ff30ed19fcca745dea3481c733e0;hp=441907f4352107737523bf9cfb56eabe3563edb4
@maintainer(s), please bump to 3.0.11.
@maintainer(s), please advise if ready for stabilisation, or call yourself
Unable to check for sanity: > package masked: media-video/vlc-3.0.11, by keywords: -sparc
All sanity-check issues have been resolved
arm64 stable
This doesn't affect us: https://www.videolan.org/security/sb-vlc3011.html "The affected code was only used by macOS/iOS hardware accelerated decoder (VideoToolbox), meaning other platforms are unaffected."