CVE-2024-46461
published 2024-09-25CVE-2024-46461: VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms…
PriorityP339high8CVSS 3.1
AVNACLPRLUIRSUCHIHAH
EPSS
0.57%
43.0th percentile
VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 3.0.21-0+deb12u1 (bookworm) | vlc 3.0.21-0+deb12u1 (bookworm) |
| videolan | vlc_media_player | >= 0 < 3.0.21-0+deb11u1 | 3.0.21-0+deb11u1 |
| videolan | vlc_media_player | >= 0 < 3.0.21-0+deb12u1 | 3.0.21-0+deb12u1 |
| videolan | vlc_media_player | >= 0 < 3.0.21-1 | 3.0.21-1 |
| videolan | vlc_media_player | >= 0 < 3.0.21-1 | 3.0.21-1 |
CVSS provenance
nvdv3.18.0HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
osv8.0HIGH
vendor_debian8.0HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
VLC vulnerability
vendor_ubuntu·2025-01-30
CVE-2024-46461 VLC vulnerability
Title: VLC vulnerability
Summary: VLC could be made to crash or run programs if it received
specially crafted network traffic.
It was discovered that VLC incorrectly handled memory when reading an MMS
stream. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2024-46461: vlc - VLC media player 3.0.20 and earlier is vulnerable to denial of service through a...
vendor_debian·2024·CVSS 8.0
CVE-2024-46461 [HIGH] CVE-2024-46461: vlc - VLC media player 3.0.20 and earlier is vulnerable to denial of service through a...
VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges.
Scope: local
bookworm: resolved (fixed in 3.0.21-0+deb12u1)
bullseye: resolved (fixed in 3.0.21-0+deb11u1)
forky: resolved (fixed in 3.0.21-1)
sid: resolved (fixed in 3.0.21-1)
trixie: resolved (fixed in 3.0.21-1)
OSV
CVE-2024-46461: VLC media player 3
osv·2024-09-25·CVSS 8.0
CVE-2024-46461 [HIGH] CVE-2024-46461: VLC media player 3
VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges.
GHSA
GHSA-3hwv-fr9j-3wjq: VLC media player 3
ghsa_unreviewed·2024-09-25
CVE-2024-46461 [HIGH] CWE-122 GHSA-3hwv-fr9j-3wjq: VLC media player 3
VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges.
No detection rules found.
No public exploits indexed.
2024-09-25
Published