Explore top 10 tips to secure your open-source projects now. Read More
×
An out-of-bounds read vulnerability was discovered in VLC media player, a multimedia player and streamer. The MMS protocol handler in mmstu.c did not properly validate boundaries when processing a crafted 0x01 response from an MMS server. A remote attacker controlling a malicious MMS server could exploit this to cause an out-of-bounds read, resulting. Debian LTS Advisory DLA-4507-1
Multiple vulnerabilities were discovered in the VLC media player, which could result in denial of service or potentially the execution of arbitrary code if a malformed video file is opened. For the oldstable distribution (bookworm), this problem has been fixed in version 3.0.23-0+deb12u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6096-1
Multiple vulnerabilities were discovered in the VLC media player, which could result in denial of service or potentially the execution of arbitrary code if a malformed video file is opened. For the oldstable distribution (bookworm), this problem has been fixed in version 3.0.22-0+deb12u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6082-1
VLC could be made to crash or run programs if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-7243-1 January 29, 2025 vlc vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: VLC could be made to crash or run programs if it received specially crafted network traffic. Software Description: - vlc: multimedia player and streamer Details: It was discovered that VLC incorrectly handled memory when reading a MMS stream. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS vlc 3.0.20-3ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS vlc 3.0.16-1ubuntu0.1~esm3 Available with Ubuntu Pro Ubuntu 20.04 LTS vlc 3.0.9.2-1ubuntu0.1~esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS vlc 3.0.8-0ubuntu18.04.1+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS vlc 2.2.2-5ubuntu0.16.04.5+esm4 Available with Ubuntu Pro In general, a standard system updatewill make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7243-1 CVE-2024-46461 . VLC upgrade resolves vulnerabilities that could result in system instability or arbitrary code execution through specially crafted packets. Discover more details.. Ubuntu Security, VLC Update, Denial of Service, Network Exploit, OS Patch. . Severity: Critical. LinuxSecurity.com Team
A buffer overflow was discovered in the MMS module of the VLC media player. For the oldstable distribution (bullseye), this problem has been fixed . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5707-1
VLC could be made to crash or run programs if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-6783-1 May 22, 2024 vlc vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: VLC could be made to crash or run programs if it received specially crafted network traffic. Software Description: - vlc: multimedia player and streamer Details: It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use this issue to cause VLC to crash, resulting in a denial of service, or potential arbitrary code execution. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10 vlc 3.0.18-4ubuntu0.1 vlc-plugin-base 3.0.18-4ubuntu0.1 Ubuntu 22.04 LTS vlc 3.0.16-1ubuntu0.1~esm2 Available with Ubuntu Pro vlc-plugin-base 3.0.16-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS vlc 3.0.9.2-1ubuntu0.1~esm2 Available with Ubuntu Pro vlc-plugin-base 3.0.9.2-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS vlc 3.0.8-0ubuntu18.04.1+esm2 Available with Ubuntu Pro vlc-plugin-base 3.0.8-0ubuntu18.04.1+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS vlc 2.2.2-5ubuntu0.16.04.5+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6783-1 CVE-2023-47359, CVE-2023-47360 Package Information: . The Ubuntu Security Advisory USN-6784-1 tackles vulnerabilities in ffmpeg that could lead to memory corruption or unauthorized code execution from specially crafted files.. Ubuntu Security,VLC Advisory,Denial of Service,Remote Execution,Network Threat. . LinuxSecurity.com Team
The updated packages fix security vulnerabilities: Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption (CVE-2023-47359). Videolan VLC prior to version 3.0.20 contains an Integer underflow that . MGASA-2024-0007 - Updated vlc packages fix security vulnerabilities Publication date: 14 Jan 2024 URL: https://advisories.mageia.org/MGASA-2024-0007.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-47359, CVE-2023-47360 The updated packages fix security vulnerabilities: Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption (CVE-2023-47359). Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length (CVE-2023-47360). References: - https://bugs.mageia.org/show_bug.cgi?id=32487 - https://lwn.net/Articles/950049/ - https://www.cve.org/CVERecord?id=CVE-2023-47359 - https://www.cve.org/CVERecord?id=CVE-2023-47360 SRPMS: - 9/core/vlc-3.0.20-1.mga9 - 9/tainted/vlc-3.0.20-1.mga9.tainted . Mageia 2024-0007 addresses VLC heap overflow issues to prevent memory corruption vulnerabilities.. Mageia Security Advisory,VLC Update,Memory Corruption,Software Vulnerabilities,VideoLAN Fix. . LinuxSecurity.com Team
Two vulnerabilities in the MMS over HTTP protocol have been fixed in the VLC media player, which has also been upgraded to the latest upstream version. CVE-2023-47359 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3679-1
Get the latest Linux and open source security news straight to your inbox.