Heap-based Buffer Overflow in VideoLAN VLC Media Player
CVE-2020-26664

7.8HIGH

Key Information:

Vendor

Videolan
Status
Vlc Media Player
Vendor
CVE Published:
8 January 2021

What is CVE-2020-26664?

A vulnerability exists within the EbmlTypeDispatcher::send function of VLC Media Player, specifically in version 3.0.11. Malicious actors can exploit this vulnerability by crafting a specially designed .mkv file, leading to a heap-based buffer overflow. This condition can allow them to execute arbitrary code, posing significant risks to the integrity of user systems. Users of VLC Media Player are advised to apply necessary updates to mitigate the impact of this vulnerability.

References

http://vlc.com
x_refsource_MISC
http://videolan.com
x_refsource_MISC
https://gist.githubusercontent.com/henices/db11664dd45b9f...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.