Andreas Fobian

Name of the Vulnerable Software and Affected Versions: VLC media player versions 3.0.20 and earlier Description: The issue is related to an integer overflow in VLC media player, which could be triggered by a maliciously crafted mms stream, potentially leading to a denial of service or arbitrary code execution with the target user's privileges. A malicious third party could exploit this to cause a crash of VLC or execute code in the context of the root user. Recommendations: For versions 3.0.20 and earlier, update to a version that fixes the integer overflow issue to prevent potential denial of service or arbitrary code execution. As a temporary workaround, consider restricting the use of maliciously crafted mms streams until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.