CVE-2024-46461 — Heap-based Buffer Overflow in VLC Media Player

CWE-122 — Heap-based Buffer Overflow6 documents6 sources

Severity

8.0HIGHNVD

EPSS

0.4%

top 42.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player

Timeline

PublishedSep 25

Latest updateJan 30

Description

VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages1 packages

▶Debianvideolan/vlc_media_player< 3.0.21-0+deb11u1+3

🔴Vulnerability Details

CVEList

CVE-2024-46461: VLC media player 3↗2024-09-25

▶

OSV

CVE-2024-46461: VLC media player 3↗2024-09-25

▶

GHSA

GHSA-3hwv-fr9j-3wjq: VLC media player 3↗2024-09-25

▶

📋Vendor Advisories

Ubuntu

VLC vulnerability↗2025-01-30

▶

Debian

CVE-2024-46461: vlc - VLC media player 3.0.20 and earlier is vulnerable to denial of service through a...↗2024

▶