Denial of Service Vulnerability in VLC Media Player by VideoLAN
CVE-2021-25804
7.5HIGH
Key Information:
- Vendor
Videolan
- Status
- Vendor
- CVE Published:
- 26 July 2021
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2021-25804?
A NULL-pointer dereference issue exists in the 'Open' function within 'avi.c' of VLC Media Player version 3.0.11. This vulnerability can lead to a denial of service, causing the application to crash unexpectedly when the affected function is invoked. Users of VLC Media Player are advised to update to the latest version to mitigate potential service disruptions.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.