Headline
Gentoo Linux Security Advisory 202409-17
Gentoo Linux Security Advisory 202409-17 - Multiple vulnerabilities have been discovered in VLC, the worst of which could result in arbitrary code execution. Versions greater than or equal to 3.0.20 are affected.
Gentoo Linux Security Advisory GLSA 202409-17
https://security.gentoo.org/
Severity: Normal
Title: VLC: Multiple Vulnerabilities
Date: September 22, 2024
Bugs: #788226, #883943, #917274
ID: 202409-17
Synopsis
Multiple vulnerabilities have been discovered in VLC, the worst of which
could result in arbitrary code execution.
Background
VLC is a cross-platform media player and streaming server.
Affected packages
Package Vulnerable Unaffected
media-video/vlc < 3.0.20 >= 3.0.20
Description
Multiple vulnerabilities have been discovered in VLC. Please review the
CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All VLC users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose “>=media-video/vlc-3.0.20”
References
[ 1 ] CVE-2022-41325
https://nvd.nist.gov/vuln/detail/CVE-2022-41325
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202409-17
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
Ubuntu Security Notice 6180-1 - It was discovered that VLC could be made to read out of bounds when decoding image files. If a user were tricked into opening a crafted image file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that VLC could be made to write out of bounds when processing H.264 video files. If a user were tricked into opening a crafted H.264 video file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Debian Linux Security Advisory 5297-1 - A buffer overflow was discovered in the VNC module of the VLC media player, which could result in the execution of arbitrary code.
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.