CVE-2023-47359

Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.

critical 9.8 CVSS 3.1

Published: Nov 7, 2023

Modified: May 28, 2026

Vendor: Videolan

Description

Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.

References

https://0xariana.github.io/blog/real_bugs/vlc/mms
https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html
https://0xariana.github.io/blog/real_bugs/vlc/mms
https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html

Related CVEs

CVSS Breakdown

Version	3.1
Score	9.8 / 10
Severity	critical

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness (CWE)

CWE-787

Affected Product

Vendor	Videolan
Product	Vlc Media Player