Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 883943 (CVE-2022-41325) - <media-video/vlc-3.0.18: multiple vulnerabilities
Summary: <media-video/vlc-3.0.18: multiple vulnerabilities
Alias: CVE-2022-41325
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa?]
Depends on: 884147
  Show dependency tree
Reported: 2022-12-02 01:15 UTC by John Helmert III
Modified: 2024-04-17 09:53 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-02 01:15:38 UTC
"A denial of service could be triggered with a wrong mp4 file (div by 0) (#27202)

Fix crashes with multiple files due to double free (#26930)

A denial of service could be triggered with wrong oog file (null pointer dereference) (#27294)

Potential buffer overflow in the vnc module could trigger remote code execution if a malicious vnc URL is deliberately played (#27335, CVE-2022-41325)"

"Code execution" bug is in 3.0.18:

Please stabilize 3.0.18
Comment 1 Hans de Graaff gentoo-dev Security 2023-10-02 06:32:12 UTC
commit f16a83b775dfc3f79a78b9e3d252cfc71ba95a53
Author: Sam James <>
Date:   Wed Feb 8 20:49:02 2023 +0000

    media-video/vlc: drop
Comment 2 Aliaksei Urbanski 2024-04-17 09:53:04 UTC
Hello everyone,

There is no <media-video/vlc-3.0.20 in the Portage tree already.
Shouldn't this bug be closed?