Integer Overflow Vulnerability in VNC Module of VideoLAN VLC Media Player
CVE-2022-41325

7.8HIGH

Key Information:

Vendor: Videolan
Status: Vlc Media Player
Vendor: CVE Published:; 6 December 2022

What is CVE-2022-41325?

The VNC module in VideoLAN VLC Media Player contains an integer overflow flaw that can be exploited when a user is deceived into loading a malicious playlist or connecting to an untrusted VNC server. This condition could potentially lead to application crashes or, under certain circumstances, remote code execution. Users of affected versions, particularly those prior to 3.0.17.4, are advised to remain vigilant and update their software to mitigate risk.

References

https://twitter.com/0xMitsurugi

https://www.synacktiv.com/sites/default/files/2022-11/vlc...

https://www.videolan.org/security/sb-vlc3018.html

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2022
Vulnerability Reserved
Sep 23, 2022

Videolan

What is CVE-2022-41325?

References

CVSS V3.1

Timeline