CVE-2022-41325

Summary

CVE	CVE-2022-41325
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-12-06 16:15:00 UTC
Updated	2022-12-08 16:44:00 UTC
Description	An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.

Risk And Classification

Problem Types: CWE-190

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	11.0	All	All	All
Application	Videolan	Vlc Media Player	All	All	All	All

References

Reference	Source	Link	Tags
Debian -- Security Information -- DSA-5297-1 vlc	DEBIAN	www.debian.org
VideoLAN Security Bulletin VLC 3.0.18 - VideoLAN	MISC	www.videolan.org
Mitsurugi Heishiro (@0xmitsurugi) on Twitter	MISC	twitter.com
www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-413...	MISC	www.synacktiv.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

181282 Debian Security Update for vlc (DLA 3216-1)
181305 Debian Security Update for vlc (DSA 5297-1)
184073 Debian Security Update for vlc (CVE-2022-41325)
199556 Ubuntu Security Notification for VLC media player Vulnerabilities (USN-6180-1)
377802 VideoLAN VLC Media player Multiple Vulnerabilities (VideoLAN-SB-VLC-3018)
502963 Alpine Linux Security Update for vlc
505830 Alpine Linux Security Update for vlc