EPSS
Percentile
31.9%
vlc is vulnerable to arbitrary code execution. An out-of-bounds read in the AVI_ExtractSubtitle component allows an attacker to execute arbitrary code on the host OS via a malicious .avi file.
AVI_ExtractSubtitle
.avi
code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72
security-tracker.debian.org/tracker/CVE-2021-25802