VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00301}

epss

{'score': 0.00253}


Wed, 25 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Videolan
Videolan vlc Media Player
Weaknesses CWE-122
CPEs cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*
Vendors & Products Videolan
Videolan vlc Media Player
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 25 Sep 2024 14:45:00 +0000

Type Values Removed Values Added
Description VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-25T15:39:36.371Z

Reserved: 2024-09-11T00:00:00

Link: CVE-2024-46461

cve-icon Vulnrichment

Updated: 2024-09-25T15:39:31.700Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-25T15:15:14.567

Modified: 2024-09-26T13:32:02.803

Link: CVE-2024-46461

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.