CVE-2021-25804

HIGH

VLC Media Player 3.0.11 - Denial of Service via NULL Pointer Dereference in AVI Open Function

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-25804. PoCs published by DShankle.

AI-analyzed exploit summary: The repository contains a technical analysis of CVE-2021-25804, focusing on the AVI demuxer in VLC media player. It includes code snippets and detailed notes on stream handling, chunk parsing, and potential vulnerabilities in the AVI file format processing.

Description

A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DoS) in the application.

Exploits (1)

nomisec WRITEUP
by DShankle · poc
https://github.com/DShankle/VLC_CVE-2021-25804_Analysis

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: VLC media player (AVI demuxer)
No auth needed
Prerequisites: Malformed AVI file with crafted chunks
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 7.5
EPSS: 0.0181
EPSS Percentile: 75.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-476
Status: published
Products (1): videolan/vlc_media_player 3.0.11
Published: Jul 26, 2021
Tracked Since: Feb 18, 2026