CVE-2023-47360
published 2023-11-07
CVE-2023-47360: Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
Priority P339 · high · 7.5 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.91% (55.4th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 3.0.20-0+deb12u1 (bookworm) | vlc 3.0.20-0+deb12u1 (bookworm) |
| videolan | vlc_media_player | < 3.0.20 | 3.0.20 |
| videolan | vlc_media_player | >= 0 < 3.0.20-0+deb11u1 | 3.0.20-0+deb11u1 |
| videolan | vlc_media_player | >= 0 < 3.0.20-0+deb12u1 | 3.0.20-0+deb12u1 |
| videolan | vlc_media_player | >= 0 < 3.0.20-1 | 3.0.20-1 |
| videolan | vlc_media_player | >= 0 < 3.0.20-1 | 3.0.20-1 |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv · 7.5 · HIGH
vendor_debian · 7.5 · HIGH
Ubuntu
VLC vulnerabilities
vendor_ubuntu·2024-05-22
CVE-2023-47360 VLC vulnerabilities
Title: VLC vulnerabilities
Summary: VLC could be made to crash or run programs if it received
specially crafted network traffic.
It was discovered that VLC incorrectly handled certain media files.
A remote attacker could possibly use this issue to cause VLC to crash,
resulting in a denial of service, or potential arbitrary code execution.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2023-47360: vlc - Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to...
vendor_debian·2023·CVSS 7.5
CVE-2023-47360 [HIGH] CVE-2023-47360: vlc - Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to...
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
Scope: local
bookworm: resolved (fixed in 3.0.20-0+deb12u1)
bullseye: resolved (fixed in 3.0.20-0+deb11u1)
forky: resolved (fixed in 3.0.20-1)
sid: resolved (fixed in 3.0.20-1)
trixie: resolved (fixed in 3.0.20-1)
GHSA
GHSA-xpr9-hg8g-rgg6: Videolan VLC prior to version 3
ghsa_unreviewed·2023-11-13
CVE-2023-47360 [HIGH] CWE-191 GHSA-xpr9-hg8g-rgg6: Videolan VLC prior to version 3
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
OSV
CVE-2023-47360: Videolan VLC prior to version 3
osv·2023-11-07·CVSS 7.5
CVE-2023-47360 [HIGH] CVE-2023-47360: Videolan VLC prior to version 3
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
No detection rules found.
No public exploits indexed.
Published: 2023-11-07