Candidate: CVE-2021-25801
PublicDate: 2021-07-26 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25801
 https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2 (v3.0.12)
 https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2
Description:
 A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H [7.1 HIGH]

Patches_vlc:
upstream_vlc: released (3.0.12-1)
trusty_vlc: ignored (out of standard support)
trusty/esm_vlc: DNE
xenial_vlc: ignored (out of standard support)
bionic_vlc: needs-triage
focal_vlc: needs-triage
hirsute_vlc: not-affected (3.0.12-3)
impish_vlc: not-affected
jammy_vlc: not-affected
devel_vlc: not-affected