CyberSec.Space Logo
Back to CVE Browser

CVE-2023-47359

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1740%
EPSS Percentile18.38th
PublishedNov 7, 2023
Last ModifiedMay 28, 2026

Vulnerability Description

Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.

Affected Platforms (CPE)

πŸ“¦
Videolan

Vlc Media Player

< 3.0.20

References & Advisories

πŸ”— https://0xariana.github.io/blog/real_bugs/vlc/mms
πŸ”— https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html
πŸ”— https://0xariana.github.io/blog/real_bugs/vlc/mms
πŸ”— https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html

Related Vulnerabilities

CVE-2008-029610.0

Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow...

CVE-2017-106999.8

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calli...

CVE-2019-128749.8

An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The...

CVE-2019-139629.8

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read bec...