UbuntuUSN-6180-1VLC media player vulnerabilities
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.3%
Releases
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- vlc - multimedia player and streamer
Details
It was discovered that VLC could be made to read out of bounds when
decoding image files. If a user were tricked into opening a crafted image
file, a remote attacker could possibly use this issue to cause VLC to
crash, leading to a denial of service. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-19721)
It was discovered that VLC could be made to write out of bounds when
processing H.264 video files. If a user were tricked into opening a
crafted H.264 video file, a remote attacker could possibly use this issue
to cause VLC to crash, leading to a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-13428)
It was discovered that VLC could be made to read out of bounds when
processing AVI video files. If a user were tricked into opening a crafted
AVI video file, a remote attacker could possibly use this issue to cause
VLC to crash, leading to a denial of service. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-25801,
CVE-2021-25802, CVE-2021-25803, CVE-2021-25804)
It was discovered that the VNC module of VLC contained an arithmetic
overflow. If a user were tricked into opening a crafted playlist or
connecting to a rouge VNC server, a remote attacker could possibly use
this issue to cause VLC to crash, leading to a denial of service, or
possibly execute arbitrary code. (CVE-2022-41325)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.10 | noarch | vlc | < 3.0.17.4-5ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libvlc-bin | < 3.0.17.4-5ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libvlc-bin-dbgsym | < 3.0.17.4-5ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libvlc-dev | < 3.0.17.4-5ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libvlc5 | < 3.0.17.4-5ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libvlc5-dbgsym | < 3.0.17.4-5ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libvlccore-dev | < 3.0.17.4-5ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libvlccore9 | < 3.0.17.4-5ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libvlccore9-dbgsym | < 3.0.17.4-5ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | vlc-bin | < 3.0.17.4-5ubuntu0.1 | UNKNOWN |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.3%