Vulnerability Description
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Videolan | Vlc Media Player | <= 3.0.17.4 |
| Debian | Debian Linux | 11.0 |
Related Weaknesses (CWE)
References
- https://twitter.com/0xMitsurugiThird Party Advisory
- https://www.debian.org/security/2022/dsa-5297Third Party Advisory
- https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2ExploitPatchThird Party Advisory
- https://www.videolan.org/security/sb-vlc3018.htmlVendor Advisory
- https://twitter.com/0xMitsurugiThird Party Advisory
- https://www.debian.org/security/2022/dsa-5297Third Party Advisory
- https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2ExploitPatchThird Party Advisory
- https://www.videolan.org/security/sb-vlc3018.htmlVendor Advisory
FAQ
What is CVE-2022-41325?
CVE-2022-41325 is a vulnerability with a CVSS score of 7.8 (HIGH). An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash V...
How severe is CVE-2022-41325?
CVE-2022-41325 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-41325?
Check the references section above for vendor advisories and patch information. Affected products include: Videolan Vlc Media Player, Debian Debian Linux.