PT-2020-6647 · Videolan+3 · Vlc Media Player+3

Zhen Zhou · Published 2020-08-05 · Updated 2025-08-04 · CVE-2021-25801

CVSS v2.0: 8.8 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions
VideoLAN VLC Media Player version 3.0.11

Description
A buffer overflow vulnerability in the Parse indx component of VideoLAN VLC Media Player allows attackers to cause an out-of-bounds read via a crafted .avi file. This vulnerability is related to buffer copying without input validation, which can be exploited by a remote attacker to gain access to confidential data and cause a denial of service.

Recommendations
For version 3.0.11, consider disabling the Parse indx component until a patch is available to prevent exploitation via crafted .avi files. Restrict access to .avi files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2503
ALT-PU-2020-3056
BDU:2022-02240
CVE-2021-25801
DLA-2728-1
DSA-4834-1
USN-6180-1

Affected Products

Alt Linux
Linuxmint
Ubuntu
Vlc Media Player