CVE-2022-41325 — Integer Overflow or Wraparound in VLC Media Player

CWE-190 — Integer Overflow or Wraparound6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 76.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player Debian Linux

Timeline

PublishedDec 6

Latest updateJun 20

Description

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 3.0.18-0+deb11u1+3

▶NVDvideolan/vlc_media_player3.0.17.4

Also affects: Debian Linux 11.0

Patches

Patch: www.synacktiv.com ↗Patch: www.synacktiv.com ↗

🔴Vulnerability Details

GHSA

GHSA-xxf6-mj48-xcg3: An integer overflow in the VNC module in VideoLAN VLC Media Player through 3↗2022-12-06

▶

OSV

CVE-2022-41325: An integer overflow in the VNC module in VideoLAN VLC Media Player through 3↗2022-12-06

▶

CVEList

CVE-2022-41325: An integer overflow in the VNC module in VideoLAN VLC Media Player through 3↗2022-12-06

▶

📋Vendor Advisories

Ubuntu

VLC media player vulnerabilities↗2023-06-20

▶

Debian

CVE-2022-41325: vlc - An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.1...↗2022

▶