Published: 08/01/2021 Updated: 03/02/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows malicious users to trigger a heap-based buffer overflow via a crafted .mkv file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
videolan vlc media player
debian debian linux 9.0
debian debian linux 10.0

Debian Bug report logs - #979676 CVE-2020-26664 Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vlc is src:vlc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sat, 9 Jan 2021 22:54:11 UTC Severity: important Tags: fixed- ...

Multiple vulnerabilities were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed media file is opened For the stable distribution (buster), this problem has been fixed in version 3012-0+deb10u1 We recommend that you upgrade your vlc packages For the detailed security st ...

A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3011 allows attackers to trigger a heap-based buffer overflow via a crafted mkv file ...

CWE-787 http://vlc.com https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt http://videolan.com https://www.debian.org/security/2021/dsa-4834 https://security.gentoo.org/glsa/202101-37 https://lists.debian.org/debian-lts-announce/2022/06/msg00012.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979676 https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4834

CVE-2020-26664

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect