VLC: Buffer overflow — GLSA 202101-37

A buffer overflow in VLC might allow remote attacker(s) to execute arbitrary code.

Affected packages

media-video/vlc on all architectures
Affected versions < 3.0.12.1
Unaffected versions >= 3.0.12.1

Background

VLC is a cross-platform media player and streaming server.

Description

VLC was found to have a buffer overflow when handling crafted MKV files.

Impact

A remote attacker could entice a user to open a specially crafted MKV file using VLC possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All VLC users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-video/vlc-3.0.12.1"
 

References

Release date
January 29, 2021

Latest revision
January 29, 2021: 1

Severity
normal

Exploitable
remote

Bugzilla entries