CVE-2020-26664
Published 2021-01-08
Priority P335 · high · 7.8 · CVSS 3.1
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 1.54% (71.7th percentile)
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | vlc | < vlc 3.0.12-1 (bookworm) | vlc 3.0.12-1 (bookworm) |
| videolan | vlc_media_player | < 3.0.12 | 3.0.12 |
| videolan | vlc_media_player | >= 0 < 3.0.12-1 | 3.0.12-1 |
| videolan | vlc_media_player | >= 0 < 3.0.12-1 | 3.0.12-1 |
| videolan | vlc_media_player | >= 0 < 3.0.12-1 | 3.0.12-1 |
| videolan | vlc_media_player | >= 0 < 3.0.12-1 | 3.0.12-1 |
CVSS provenance
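| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | LOW | — |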
GHSA
GHSA-fv8f-3437-pw9x
ghsa_unreviewed · 2022-05-24
CVE-2020-26664 [HIGH] CWE-787
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
OSV
CVE-2020-26664 [HIGH]
osv · 2021-01-08 · CVSS 7.8
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
Debian
CVE-2020-26664 [HIGH]: vlc
vendor_debian · 2020 · CVSS 7.8
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
Scope: local
bookworm: resolved (fixed in 3.0.12-1)
bullseye: resolved (fixed in 3.0.12-1)
forky: resolved (fixed in 3.0.12-1)
sid: resolved (fixed in 3.0.12-1)
trixie: resolved (fixed in 3.0.12-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://videolan.com
http://vlc.com
https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt
https://lists.debian.org/debian-lts-announce/2022/06/msg00012.html
https://security.gentoo.org/glsa/202101-37
https://www.debian.org/security/2021/dsa-4834
Published: 2021-01-08