ALPINE-CVE-2019-13615

ALPINE-CVE-2019-13615 PUBLISHED CVSS 5.5 MEDIUM

libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.

Risk Scores

CVSS v3.0

5.5

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.11	libebml	1.3.4-r0, 1.3.3-r0, 0
Alpine:v3.10	libebml	1.3.5-r1, 1.3.5-r1, 1.3.5-r0
Alpine:v3.8	libebml	1.3.1-r0, 1.3.5-r0, 0
Alpine:v3.9	libebml	1.3.5-r1, 1.3.5-r1, 0
Alpine:v3.7	libebml	1.3.5-r0, 1.3.4-r0, 1.3.3-r0

Timeline

Jul 16, 2019 CVE Published
Nov 19, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2019-13615 advisory

Open in Interactive Console →