Denial of Service Vulnerability in VLC Media Player by VideoLAN
CVE-2024-46461
Currently unrated
Summary
VLC Media Player versions 3.0.20 and earlier are susceptible to a denial of service attack stemming from an integer overflow vulnerability. The flaw can be triggered by a maliciously crafted MMS stream, potentially leading to a heap-based overflow. An attacker who exploits it successfully could crash the application or achieve arbitrary code execution with the privileges of the user running VLC, posing significant risks to user systems.
Timeline
Vulnerability published