VLC: Buffer overflow — GLSA 202005-11

A buffer overflow in VLC might allow local or remote attacker(s) to execute arbitrary code.

Affected packages

media-video/vlc on all architectures
Affected versions < 3.0.10
Unaffected versions >= 3.0.10

Background

VLC is a cross-platform media player and streaming server.

Description

A buffer overflow in DecodeBlock in sdl_image.c was discovered.

Impact

A remote attacker could entice a user to open a specially crafted image file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until they upgrade.

Resolution

All VLC users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-video/vlc-3.0.10"
 
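The following POSIX shell helper is an added example and not part of the advisory or of Gentoo's tooling: it checks whether a given VLC version string, or a Portage atom such as media-video/vlc-3.0.9.2-r1, falls below the 3.0.10 bound stated above, so an administrator can confirm the upgrade took effect. The fixed version comes from the advisory; the function names and the assumed "VLC version X.Y.Z" line from `vlc --version` are assumptions of this example.

```sh
#!/bin/sh
# Added example: decide whether an installed VLC is affected by GLSA 202005-11.
# Only the 3.0.10 bound is from the advisory; everything else is assumed.

FIXED_VERSION="3.0.10"   # first unaffected version per the advisory

# version_lt A B: exit 0 if A < B, comparing dot-separated numeric fields.
# Caveat: pre-release suffixes such as _rc1 are not understood and are
# treated as the bare numeric field they follow.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, pa, "."); nb = split(b, pb, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? pa[i] + 0 : 0;
            y = (i <= nb) ? pb[i] + 0 : 0;
            if (x < y) exit 0;
            if (x > y) exit 1;
        }
        exit 1;   # equal is not "less than"
    }'
}

# atom_version ATOM: strip "category/vlc-" and any "-rN" revision from a
# Portage atom, leaving the upstream version (e.g. 3.0.9.2).
atom_version() {
    printf '%s\n' "$1" | sed -n 's|^.*/vlc-\([0-9][0-9.]*\).*$|\1|p'
}

# vlc_affected VERSION: exit 0 when VERSION is below the fixed version.
vlc_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# installed_vlc_version: best-effort read from the installed binary.
# Assumes `vlc --version` prints a line starting "VLC version X.Y.Z".
installed_vlc_version() {
    command -v vlc >/dev/null 2>&1 || return 1
    vlc --version 2>/dev/null | sed -n 's/^VLC version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Usage: ./check_vlc.sh [VERSION-OR-ATOM]; with no argument the installed
# binary is queried. Exit status 0 = affected, 1 = not affected / unknown.
if [ "$#" -gt 0 ]; then
    case "$1" in
        */*) ver=$(atom_version "$1") ;;
        *)   ver=$1 ;;
    esac
    if vlc_affected "$ver"; then
        echo "vlc $ver: AFFECTED (upgrade to >= $FIXED_VERSION)"; exit 0
    else
        echo "vlc $ver: not affected"; exit 1
    fi
fi
```

Run it after `emerge` to confirm the installed version is at or above 3.0.10; a script that relies on the package manager's own version comparison (e.g. `equery` or `qatom`) would be more robust than the numeric compare shown here, which is deliberately kept dependency-free.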

References

Release date
May 14, 2020

Latest revision
May 14, 2020: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries