CVE-2020-26664

HIGH

VLC media player <3.0.11 - Buffer Overflow

Title source: llm
STIX 2.1

Description

A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.

References (6)

Core 6
Core References
Third Party Advisory x_refsource_misc
http://vlc.com
Product, Vendor Advisory
http://videolan.com
Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-4834
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202101-37
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/06/msg00012.html

Scores

CVSS v3 7.8
EPSS 0.0146
EPSS Percentile 70.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (3)
debian/debian_linux 9.0
debian/debian_linux 10.0
videolan/vlc_media_player < 3.0.12
Published Jan 08, 2021
Tracked Since Feb 18, 2026