Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 50 articles for you...
197

Debian 11 DLA-4507-1 VLC Important Out-of-Bounds Read DoS CVE-2025-51602

An out-of-bounds read vulnerability was discovered in VLC media player, a multimedia player and streamer. The MMS protocol handler in mmstu.c did not properly validate boundaries when processing a crafted 0x01 response from an MMS server. A remote attacker controlling a malicious MMS server could exploit this to cause an out-of-bounds read, resulting. Debian LTS Advisory DLA-4507-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Utkarsh Gupta March 23, 2026 https://wiki.debian.org/LTS Package : vlc Version : 3.0.23-0+deb11u1 CVE ID : CVE-2025-51602 An out-of-bounds read vulnerability was discovered in VLC media player, a multimedia player and streamer. The MMS protocol handler in mmstu.c did not properly validate boundaries when processing a crafted 0x01 response from an MMS server. A remote attacker controlling a malicious MMS server could exploit this to cause an out-of-bounds read, resulting in a denial of service (application crash) and potentially leaking sensitive memory contents. For Debian 11 bullseye, this problem has been fixed in version 3.0.23-0+deb11u1. We recommend that you upgrade your vlc packages. For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/vlc Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . VLC media player faces important out-of-bounds read risk. Update recommended to prevent denial of service issues.. VLC Media Player, Debian LTS, DLA-4507-1, Denial of Service, Security Patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 24, 2026 Important Debian LTS
87

Debian: VLC DSA-6096-1 Denial of Service and Code Exec Fix

Multiple vulnerabilities were discovered in the VLC media player, which could result in denial of service or potentially the execution of arbitrary code if a malformed video file is opened. For the oldstable distribution (bookworm), this problem has been fixed in version 3.0.23-0+deb12u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6096-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : vlc CVE ID : not yet available Multiple vulnerabilities were discovered in the VLC media player, which could result in denial of service or potentially the execution of arbitrary code if a malformed video file is opened. For the oldstable distribution (bookworm), this problem has been fixed in version 3.0.23-0+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 3.0.23-0+deb13u1. We recommend that you upgrade your vlc packages. For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/vlc Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Multiple vulnerabilities fixed in VLC for Debian could lead to service disruption or code execution risks from malformed files.. VLC Media Player, Debian Security Update, Denial of Service, Code Execution Risks. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 08, 2026 Critical Debian
87

Debian: vlc Critical Denial of Service and Code Execution DSA-6082-1

Multiple vulnerabilities were discovered in the VLC media player, which could result in denial of service or potentially the execution of arbitrary code if a malformed video file is opened. For the oldstable distribution (bookworm), this problem has been fixed in version 3.0.22-0+deb12u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6082-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff December 14, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : vlc CVE ID : not yet available Debian Bug : 1013898 1021601 Multiple vulnerabilities were discovered in the VLC media player, which could result in denial of service or potentially the execution of arbitrary code if a malformed video file is opened. For the oldstable distribution (bookworm), this problem has been fixed in version 3.0.22-0+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 3.0.22-0+deb13u1. We recommend that you upgrade your vlc packages. For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/vlc Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Multiple critical issues identified in VLC for Debian require immediate updates to prevent denial of service and code execution risks.. Debian Security Advisory,Deny of Service,VLC Media Player,Security Patch. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 14, 2025 Critical Debian
172

Ubuntu 24.04 LTS: USN-7243-1 critical: vlc denial of service

VLC could be made to crash or run programs if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-7243-1 January 29, 2025 vlc vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: VLC could be made to crash or run programs if it received specially crafted network traffic. Software Description: - vlc: multimedia player and streamer Details: It was discovered that VLC incorrectly handled memory when reading a MMS stream. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS vlc 3.0.20-3ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS vlc 3.0.16-1ubuntu0.1~esm3 Available with Ubuntu Pro Ubuntu 20.04 LTS vlc 3.0.9.2-1ubuntu0.1~esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS vlc 3.0.8-0ubuntu18.04.1+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS vlc 2.2.2-5ubuntu0.16.04.5+esm4 Available with Ubuntu Pro In general, a standard system updatewill make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7243-1 CVE-2024-46461 . VLC upgrade resolves vulnerabilities that could result in system instability or arbitrary code execution through specially crafted packets. Discover more details.. Ubuntu Security, VLC Update, Denial of Service, Network Exploit, OS Patch. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 30, 2025 Critical Ubuntu
87

Debian: DSA-5707-1 Moderate: Correction for VLC Buffer Overflow Issue

A buffer overflow was discovered in the MMS module of the VLC media player. For the oldstable distribution (bullseye), this problem has been fixed . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5707-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : vlc CVE ID : not yet available A buffer overflow was discovered in the MMS module of the VLC media player. For the oldstable distribution (bullseye), this problem has been fixed in version 3.0.21-0+deb11u1. For the stable distribution (bookworm), this problem has been fixed in version 3.0.21-0+deb12u1. We recommend that you upgrade your vlc packages. For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/vlc Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Enhance VLC media player to mitigate buffer overflow vulnerabilities as outlined in the Debian DSA-5707-1 security bulletin.. Debian Security Updates, Media Player Vulnerabilities, Buffer Overflow Fixes. . LinuxSecurity.com Team

Calendar%202 Jun 11, 2024 Debian
172

Ubuntu 23.10 USN-6783-1 Moderate: VLC Network Traffic Risk

VLC could be made to crash or run programs if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-6783-1 May 22, 2024 vlc vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: VLC could be made to crash or run programs if it received specially crafted network traffic. Software Description: - vlc: multimedia player and streamer Details: It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use this issue to cause VLC to crash, resulting in a denial of service, or potential arbitrary code execution. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10 vlc 3.0.18-4ubuntu0.1 vlc-plugin-base 3.0.18-4ubuntu0.1 Ubuntu 22.04 LTS vlc 3.0.16-1ubuntu0.1~esm2 Available with Ubuntu Pro vlc-plugin-base 3.0.16-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS vlc 3.0.9.2-1ubuntu0.1~esm2 Available with Ubuntu Pro vlc-plugin-base 3.0.9.2-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS vlc 3.0.8-0ubuntu18.04.1+esm2 Available with Ubuntu Pro vlc-plugin-base 3.0.8-0ubuntu18.04.1+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS vlc 2.2.2-5ubuntu0.16.04.5+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6783-1 CVE-2023-47359, CVE-2023-47360 Package Information: . The Ubuntu Security Advisory USN-6784-1 tackles vulnerabilities in ffmpeg that could lead to memory corruption or unauthorized code execution from specially crafted files.. Ubuntu Security,VLC Advisory,Denial of Service,Remote Execution,Network Threat. . LinuxSecurity.com Team

Calendar%202 May 23, 2024 Ubuntu
203

Mageia: 2024-0007 moderate: VLC heap overflow and underflow issues

The updated packages fix security vulnerabilities: Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption (CVE-2023-47359). Videolan VLC prior to version 3.0.20 contains an Integer underflow that . MGASA-2024-0007 - Updated vlc packages fix security vulnerabilities Publication date: 14 Jan 2024 URL: https://advisories.mageia.org/MGASA-2024-0007.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-47359, CVE-2023-47360 The updated packages fix security vulnerabilities: Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption (CVE-2023-47359). Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length (CVE-2023-47360). References: - https://bugs.mageia.org/show_bug.cgi?id=32487 - https://lwn.net/Articles/950049/ - https://www.cve.org/CVERecord?id=CVE-2023-47359 - https://www.cve.org/CVERecord?id=CVE-2023-47360 SRPMS: - 9/core/vlc-3.0.20-1.mga9 - 9/tainted/vlc-3.0.20-1.mga9.tainted . Mageia 2024-0007 addresses VLC heap overflow issues to prevent memory corruption vulnerabilities.. Mageia Security Advisory,VLC Update,Memory Corruption,Software Vulnerabilities,VideoLAN Fix. . LinuxSecurity.com Team

Calendar%202 Jan 14, 2024 Mageia
197

Debian 10: DLA-3679-1 critical: VLC buffer overflow and integer underflow

Two vulnerabilities in the MMS over HTTP protocol have been fixed in the VLC media player, which has also been upgraded to the latest upstream version. CVE-2023-47359 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3679-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Adrian Bunk November 30, 2023 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : vlc Version : 3.0.20-0+deb10u1 CVE ID : CVE-2023-47359 CVE-2023-47360 Two vulnerabilities in the MMS over HTTP protocol have been fixed in the VLC media player, which has also been upgraded to the latest upstream version. CVE-2023-47359 Heap buffer overflow in the MMSH module. CVE-2023-47360 Integer underflow in the MMSH module. For Debian 10 buster, these problems have been fixed in version 3.0.20-0+deb10u1. We recommend that you upgrade your vlc packages. For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/vlc Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Two vulnerabilities fixed in VLC media player for Debian LTS DLA-3783-1. Update recommended for enhanced security.. Debian Security,VLC Media Player,Security Update,Buffer Overflow,Integer Underflow. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 30, 2023 Critical Debian LTS
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200