Heap-Based Buffer Overflow in VLC Media Player by VideoLAN
CVE-2023-47359

9.8CRITICAL

Key Information:

Vendor: Videolan
Status: Vlc Media Player
Vendor: CVE Published:; 7 November 2023

Summary

Prior to version 3.0.20, VLC Media Player by VideoLAN contains an improper offset read that can trigger a heap-based buffer overflow in the GetPacket() function. This flaw can lead to memory corruption, potentially allowing attackers to exploit the vulnerability for malicious purposes. Users are encouraged to update to the latest version to mitigate this risk.

References

https://0xariana.github.io/blog/real_bugs/vlc/mms

https://lists.debian.org/debian-lts-announce/2023/11/msg0...

mailing-list

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Nov 6, 2023