A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.
7.8CVSS
8AI Score
0.0004EPSS
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
9.8CVSS
9.1AI Score
0.001EPSS
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
7.5CVSS
8.3AI Score
0.0005EPSS