PT-2021-6815 · Videolan · Vlc Media Player

Zhen Zhou · Published 2020-08-05 · Updated 2023-06-20 · CVE-2021-25803

CVSS v2.0: 8.8 High

Vector: AV:N/AC:M/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions

VideoLAN VLC Media Player version 3.0.11

Description

A buffer overflow vulnerability in the vlc_input_attachment_New component allows attackers to cause an out-of-bounds read via a crafted .avi file. A remote attacker can exploit this to gain access to confidential data and cause a denial of service.

Recommendations

For version 3.0.11, consider updating to a newer version to mitigate the risk, as the current version is affected by the buffer overflow vulnerability in the vlc_input_attachment_New component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2503
ALT-PU-2020-3056
BDU:2022-02238
CVE-2021-25803
DLA-2728-1
DSA-4834-1
USN-6180-1

Affected Products

Alt Linux
Linuxmint
Ubuntu
Vlc Media Player