CVE-2024-46461

VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.videolan.org/security/sb-vlc3021.html

Configurations

No configuration.

History

26 Sep 2024, 13:32

Type	Values Removed	Values Added
Summary		(es) VLC media player 3.0.20 y versiones anteriores es vulnerable a la denegación de servicio a través de un desbordamiento de enteros que podría activarse con un flujo de mensajes MMS manipulado con fines malintencionados (desbordamiento basado en montón). Si tiene éxito, un tercero malintencionado podría provocar un bloqueo de VLC o la ejecución de un código arbitrario con los privilegios del usuario de destino.

25 Sep 2024, 16:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.0
CWE		CWE-122

25 Sep 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-25 15:15

Updated : 2024-09-26 13:32

NVD link : CVE-2024-46461

Mitre link : CVE-2024-46461

CVE.ORG link : CVE-2024-46461

JSON object : View

Products Affected

No product.

CWE

CWE-122

Heap-based Buffer Overflow

8.0 /10