Candidate: CVE-2021-25803
PublicDate: 2021-07-26 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25803
 https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb (v3.0.12)
 https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb
Description:
 A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H [7.1 HIGH]

Patches_vlc:
upstream_vlc: released (3.0.12-1)
trusty_vlc: ignored (out of standard support)
trusty/esm_vlc: DNE
xenial_vlc: ignored (out of standard support)
bionic_vlc: needs-triage
focal_vlc: needs-triage
hirsute_vlc: not-affected (3.0.12-3)
impish_vlc: not-affected
jammy_vlc: not-affected
devel_vlc: not-affected