An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | vlc | < 3.0.18-1 | vlc_3.0.18-1_all.deb |
Debian | 11 | all | vlc | < 3.0.18-0+deb11u1 | vlc_3.0.18-0+deb11u1_all.deb |
Debian | 10 | all | vlc | < 3.0.17.4-0+deb10u2 | vlc_3.0.17.4-0+deb10u2_all.deb |
Debian | 999 | all | vlc | < 3.0.18-1 | vlc_3.0.18-1_all.deb |
Debian | 13 | all | vlc | < 3.0.18-1 | vlc_3.0.18-1_all.deb |