CVE-2021-25802

CVSS v2.0

8.8

High

Vector

AV:N/AC:M/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions VLC Media Player version 3.0.11

Description A buffer overflow vulnerability in the AVI ExtractSubtitle component allows attackers to cause an out-of-bounds read via a crafted .avi file. This can be exploited by a remote attacker to gain access to confidential data and cause a denial of service.

Recommendations For version 3.0.11, consider disabling the AVI ExtractSubtitle component until a patch is available to prevent exploitation via crafted .avi files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-120

Related Identifiers

ALT-PU-2020-2503

ALT-PU-2020-3056

BDU:2022-02239

CVE-2021-25802

DLA-2728-1

DSA-4834-1

USN-6180-1

Affected Products

Alt Linux

Linuxmint

Ubuntu

Vlc Media Player

CVE-2021-25802

Weakness Enumeration

Related Identifiers

Affected Products

References · 22