Headline
Debian Security Advisory 5297-1
Debian Linux Security Advisory 5297-1 - A buffer overflow was discovered in the VNC module of the VLC media player, which could result in the execution of arbitrary code.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5297-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffDecember 06, 2022 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : vlcCVE ID : CVE-2022-41325A buffer overflow was discovered in the VNC module of the VLC mediaplayer, which could result in the execution of arbitrary code.For the stable distribution (bullseye), this problem has been fixed inversion 3.0.18-0+deb11u1.We recommend that you upgrade your vlc packages.For the detailed security status of vlc please refer toits security tracker page at:https://security-tracker.debian.org/tracker/vlcFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmOPsBAACgkQEMKTtsN8TjZ6NhAAgYn57L8YdkWKMZc+/yNZ7kFLJZZaKTDDkvyDgtiWofEQ2vm4/093IDfNhKkccozzfQL/YyeOybqaKo2GcKYt7vyfji7MtXZH/+YXlpH0t/xzf98pBkY/aV/Uw0oBo7ZtTfIiVsb62Ao0w/i87kV4Kwm79UNt6jaIqAfYuhGtgjkH1mr/ME8ez5AbUUiRydXr+8WktqSHd7qWH4E56ZAqnDlPAPDDuUtj1t5l7iNsxKfMO3eC7xGrE1StSdlr+MQrEcupaoQHgLyPRgZBEJrNu3MvfvevpuAH32md/oCvHf8U5uekmMu+/icEdZYQ8+DJgI8gyldeiOTveu7n2uXbhLHSlc8OE+Y5QANqboHG1vsb9cEPuUGmITCFt7rUQIF6c6h75/qmZVMXgK7dv0Kfmni/uHOpTeO66X0jgDatvEIfTeZPT3w+VwT0tnk/GR/DKARROLxG6qvDbJ60waMIa0gD+tuFkX7oGjo1144qMT6mijQdZosYc+uyR6EhLGVo2D5xnAzGMeX5supA4UX0L7CJzBfZbKvE+jD0GPvevT1NzKmNvnhKSKBFg5hIcKNX7OT/KQFYw28Zen182ac0XODoYFnVt6VyXfSrAsem4VGeoAIG5xQYcjKUBKyR5+GMGvdOcSOUsu1ozD/bq8BjJzLDASiZICGTZSVnrMf4wK4=WOoU-----END PGP SIGNATURE-----Related news
Gentoo Linux Security Advisory 202409-17 - Multiple vulnerabilities have been discovered in VLC, the worst of which could result in arbitrary code execution. Versions greater than or equal to 3.0.20 are affected.
Ubuntu Security Notice 6180-1 - It was discovered that VLC could be made to read out of bounds when decoding image files. If a user were tricked into opening a crafted image file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that VLC could be made to write out of bounds when processing H.264 video files. If a user were tricked into opening a crafted H.264 video file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.