CVE-2022-41325: VideoLAN Security Bulletin VLC 3.0.18

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.


Summary : Multiple vulnerabilities fixed in VLC media player
Date : November 2022
Affected versions : VLC media player 3.0.17 and earlier
ID : VideoLAN-SB-VLC-3018

Details

A denial of service could be triggered with a wrong mp4 file (div by 0) (#27202)

Fix crashes with multiple files due to double free (#26930)

A denial of service could be triggered with a wrong ogg file (null pointer dereference) (#27294)

Potential buffer overflow in the vnc module could trigger remote code execution if a malicious vnc URL is deliberately played (#27335, CVE-2022-41325)
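The bug class behind the vnc item, an integer overflow that turns into a buffer overflow when a size is derived from peer-supplied values, is shown here as an added example. It is not VLC's code: the function names, the 16-bit dimension fields and the 256 MiB cap are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for one frame (256 MiB); not a value from VLC. */
#define FB_MAX_BYTES ((uint64_t)256 * 1024 * 1024)

/* Flawed pattern: the product is computed in 32 bits and silently wraps. */
static uint32_t fb_size_unchecked(uint16_t w, uint16_t h, uint8_t bpp)
{
    return (uint32_t)w * h * bpp;
}

/* Hardened pattern: widen to 64 bits (65535 * 65535 * 255 cannot wrap),
 * reject zero and oversized dimensions, and only then narrow to size_t.
 * The cap is small enough to fit in a 32-bit size_t. */
static bool fb_size_checked(uint16_t w, uint16_t h, uint8_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0)
        return false;
    uint64_t need = (uint64_t)w * h * bpp;
    if (need > FB_MAX_BYTES)
        return false;
    *out = (size_t)need;
    return true;
}

/* Allocate a frame buffer, or return NULL if the dimensions are rejected. */
static void *fb_alloc(uint16_t w, uint16_t h, uint8_t bpp, size_t *size)
{
    return fb_size_checked(w, h, bpp, size) ? malloc(*size) : NULL;
}

int main(void)
{
    /* Constructed sample: a 32768 x 32769 frame at 4 bytes per pixel. */
    uint16_t w = 0x8000, h = 0x8001;
    size_t size = 0;
    printf("unchecked size: %u bytes\n", (unsigned)fb_size_unchecked(w, h, 4));
    printf("checked alloc:  %s\n", fb_alloc(w, h, 4, &size) ? "ok" : "rejected");
    void *fb = fb_alloc(1920, 1080, 4, &size);
    printf("1920x1080x4:    %zu bytes, %s\n", size, fb ? "ok" : "rejected");
    free(fb);
    return 0;
}
```

With the unchecked computation the constructed frame yields a 128 KiB size for pixel data that needs more than 4 GiB, which is the mismatch that later writes overrun; the checked version refuses the frame before any allocation happens.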

Impact

If successful, a malicious third party could trigger either a crash of VLC or arbitrary code execution with the privileges of the target user.

While these issues in themselves are most likely to just crash the player, we can’t exclude that they could be combined to leak user information or remotely execute code. ASLR and DEP help reduce the likelihood of code execution, but may be bypassed.

We have not seen exploits performing code execution through these vulnerabilities.

Threat mitigation

Exploitation of those issues requires the user to explicitly open a specially crafted file or stream.

Workarounds

The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied.

Solution

VLC media player 3.0.18 addresses the issue.

Credits

The vnc module vulnerability was reported and fixed by 0xMitsurugi from Synacktiv (#27335, CVE-2022-41325)

References

The VideoLAN project

http://www.videolan.org/

VLC official GIT repository

http://git.videolan.org/?p=vlc.git

Related news

Gentoo Linux Security Advisory 202409-17

Gentoo Linux Security Advisory 202409-17 - Multiple vulnerabilities have been discovered in VLC, the worst of which could result in arbitrary code execution. Versions greater than or equal to 3.0.20 are affected.

Ubuntu Security Notice USN-6180-1

Ubuntu Security Notice 6180-1 - It was discovered that VLC could be made to read out of bounds when decoding image files. If a user were tricked into opening a crafted image file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that VLC could be made to write out of bounds when processing H.264 video files. If a user were tricked into opening a crafted H.264 video file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Debian Security Advisory 5297-1

Debian Linux Security Advisory 5297-1 - A buffer overflow was discovered in the VNC module of the VLC media player, which could result in the execution of arbitrary code.
