Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 883943 (CVE-2022-41325) - <media-video/vlc-3.0.18: multiple vulnerabilities
Summary: <media-video/vlc-3.0.18: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2022-41325
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.videolan.org/security/sb-...
Whiteboard: B2 [glsa?]
Keywords:
Depends on: 884147
Blocks:
  Show dependency tree
 
Reported: 2022-12-02 01:15 UTC by John Helmert III
Modified: 2024-04-17 09:53 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-02 01:15:38 UTC 
"A denial of service could be triggered with a wrong mp4 file (div by 0) (#27202)

Fix crashes with multiple files due to double free (#26930)

A denial of service could be triggered with wrong oog file (null pointer dereference) (#27294)

Potential buffer overflow in the vnc module could trigger remote code execution if a malicious vnc URL is deliberately played (#27335, CVE-2022-41325)"

"Code execution" bug is in 3.0.18: https://code.videolan.org/videolan/vlc/-/commit/4fcace61801f418786c42487c6b06b693ee87666

Please stabilize 3.0.18
Comment 1 Hans de Graaff gentoo-dev Security 2023-10-02 06:32:12 UTC 
commit f16a83b775dfc3f79a78b9e3d252cfc71ba95a53
Author: Sam James <sam@gentoo.org>
Date:   Wed Feb 8 20:49:02 2023 +0000

    media-video/vlc: drop 3.0.17.4-r2
Comment 2 Aliaksei Urbanski 2024-04-17 09:53:04 UTC 
Hello everyone,

There is no <media-video/vlc-3.0.20 in the Portage tree already.
Shouldn't this bug be closed?