
Bug 883943 (CVE-2022-41325)

Summary: <media-video/vlc-3.0.18: multiple vulnerabilities
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: ajak, aliaksei.urbanski, media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.videolan.org/security/sb-vlc3018.html
Whiteboard: B2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 884147    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-02 01:15:38 UTC
"A denial of service could be triggered with a wrong mp4 file (div by 0) (#27202)

Fix crashes with multiple files due to double free (#26930)

A denial of service could be triggered with wrong ogg file (null pointer dereference) (#27294)

Potential buffer overflow in the vnc module could trigger remote code execution if a malicious vnc URL is deliberately played (#27335, CVE-2022-41325)"

"Code execution" bug is in 3.0.18: https://code.videolan.org/videolan/vlc/-/commit/4fcace61801f418786c42487c6b06b693ee87666

Please stabilize 3.0.18
Comment 1 Hans de Graaff gentoo-dev Security 2023-10-02 06:32:12 UTC
commit f16a83b775dfc3f79a78b9e3d252cfc71ba95a53
Author: Sam James <sam@gentoo.org>
Date:   Wed Feb 8 20:49:02 2023 +0000

    media-video/vlc: drop 3.0.17.4-r2
Comment 2 Aliaksei Urbanski 2024-04-17 09:53:04 UTC
Hello everyone,

There is no <media-video/vlc-3.0.20 in the Portage tree anymore.
Shouldn't this bug be closed?
Comment 3 Larry the Git Cow gentoo-dev 2024-09-22 07:58:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=adf654e272246b70c63a0f741e7f336f235d0fc8

commit adf654e272246b70c63a0f741e7f336f235d0fc8
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-09-22 07:58:11 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-09-22 07:58:21 +0000

    [ GLSA 202409-17 ] VLC: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/788226
    Bug: https://bugs.gentoo.org/883943
    Bug: https://bugs.gentoo.org/917274
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202409-17.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)