Wiz
Vulnerability DatabaseCVE-2021-25803

CVE-2021-25803
VLC media player vulnerability analysis and mitigation

Overview

A buffer overflow vulnerability was identified in the vlcinputattachment_New component of VideoLAN VLC Media Player 3.0.11. The vulnerability, tracked as CVE-2021-25803, allows attackers to cause an out-of-bounds read through a specially crafted .avi file. The issue was discovered and initially recorded on January 22, 2021 (CVE Mitre).

Technical details

The vulnerability stems from an integer overflow in the AVI file processing component of VLC Media Player. This overflow leads to a size verification failure, which subsequently results in a buffer overflow condition. The issue was identified by Zhen Zhou from the NSFOCUS Security Team and was addressed in the VLC codebase (VLC Commit).

Impact

When exploited, this vulnerability could cause VLC Media Player to crash, resulting in a denial of service condition. The vulnerability specifically affects systems when processing maliciously crafted AVI video files (Ubuntu Notice).

Mitigation and workarounds

The vulnerability has been fixed in subsequent releases of VLC Media Player. Various Linux distributions have released security updates to address this issue, including Debian which fixed it in version 3.0.12-1 and Ubuntu which provided patches across multiple versions of their distribution (Debian Tracker).

Additional resources

SourceThis report was generated using AI

Related VLC media player vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2023-47359CRITICAL9.8
  • VLC media playerVLC media player
  • cpe:2.3:a:videolan:vlc_media_player
NoYesNov 07, 2023
CVE-2024-46461HIGH8
  • VLC media playerVLC media player
  • vlc
NoYesSep 25, 2024
CVE-2023-46814HIGH7.8
  • VLC media playerVLC media player
  • cpe:2.3:a:videolan:vlc_media_player
NoYesNov 22, 2023
CVE-2022-41325HIGH7.8
  • VLC media playerVLC media player
  • cpe:2.3:a:videolan:vlc_media_player
NoYesDec 06, 2022
CVE-2023-47360HIGH7.5
  • VLC media playerVLC media player
  • cpe:2.3:a:videolan:vlc_media_player
NoYesNov 07, 2023

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo