CVE-2025-51602 — Out-of-bounds Read in VLC Media Player

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 96.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJan 16

Description

mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 2.2 | Impact: 2.5

▶Debianvideolan/vlc_media_player< 3.0.23-0+deb11u1+3

CVEList

CVE-2025-51602: mmstu↗2026-01-16

▶

GHSA

GHSA-5fj6-q8x2-56g8: mmstu↗2026-01-16

▶

OSV

CVE-2025-51602: mmstu↗2026-01-16

▶

Debian

CVE-2025-51602: vlc - mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read ...↗2025

▶

Wiz

CVE-2025-51602 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶