CVE-2023-47359

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 7, 2023

Updated: Dec 1, 2023

CWE ID 787

Summary

CVE-2023-47359 is a newly identified vulnerability in Videolan VLC media player. An incorrect offset read in the GetPacket() function leads to a heap-based buffer overflow, causing memory corruption. This issue can potentially be exploited by an attacker to execute arbitrary code or crash the application. Users are advised to upgrade to version 3.0.20 or later to mitigate this risk. Until then, they should exercise caution when handling media files from untrusted sources.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

VLC Media Player

Affected Vendors

VideoLAN

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tSo6UP
https://www.cve.org/CVERecord?id=CVE-2023-47359
https://nvd.nist.gov/vuln/detail/CVE-2023-47359

Back to Vulnerability Database