Upstream information

CVE-2022-41325 at MITRE

Description

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v3 Scores (National Vulnerability Database)
  • Base Score: 7.8
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • CVSSv3 Version: 3.1

SUSE Bugzilla entry: 1206142 [IN_PROGRESS]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15 SP3
  • libvlc5 >= 3.0.18-bp153.2.6.1
  • libvlccore9 >= 3.0.18-bp153.2.6.1
  • vlc >= 3.0.18-bp153.2.6.1
  • vlc-codec-gstreamer >= 3.0.18-bp153.2.6.1
  • vlc-devel >= 3.0.18-bp153.2.6.1
  • vlc-jack >= 3.0.18-bp153.2.6.1
  • vlc-lang >= 3.0.18-bp153.2.6.1
  • vlc-noX >= 3.0.18-bp153.2.6.1
  • vlc-opencv >= 3.0.18-bp153.2.6.1
  • vlc-qt >= 3.0.18-bp153.2.6.1
  • vlc-vdpau >= 3.0.18-bp153.2.6.1
Patchnames:
openSUSE-2022-10252
SUSE Package Hub 15 SP4
  • libvlc5 >= 3.0.18-bp154.2.3.1
  • libvlccore9 >= 3.0.18-bp154.2.3.1
  • vlc >= 3.0.18-bp154.2.3.1
  • vlc-codec-gstreamer >= 3.0.18-bp154.2.3.1
  • vlc-devel >= 3.0.18-bp154.2.3.1
  • vlc-jack >= 3.0.18-bp154.2.3.1
  • vlc-lang >= 3.0.18-bp154.2.3.1
  • vlc-noX >= 3.0.18-bp154.2.3.1
  • vlc-opencv >= 3.0.18-bp154.2.3.1
  • vlc-qt >= 3.0.18-bp154.2.3.1
  • vlc-vdpau >= 3.0.18-bp154.2.3.1
Patchnames:
openSUSE-2022-10255
SUSE Package Hub 15 SP5
  • libvlc5 >= 3.0.20-bp155.2.3.1
  • libvlccore9 >= 3.0.20-bp155.2.3.1
  • vlc >= 3.0.20-bp155.2.3.1
  • vlc-codec-gstreamer >= 3.0.20-bp155.2.3.1
  • vlc-devel >= 3.0.20-bp155.2.3.1
  • vlc-jack >= 3.0.20-bp155.2.3.1
  • vlc-lang >= 3.0.20-bp155.2.3.1
  • vlc-noX >= 3.0.20-bp155.2.3.1
  • vlc-opencv >= 3.0.20-bp155.2.3.1
  • vlc-qt >= 3.0.20-bp155.2.3.1
  • vlc-vdpau >= 3.0.20-bp155.2.3.1
Patchnames:
openSUSE-2023-366
openSUSE Leap 15.3
  • libvlc5 >= 3.0.18-bp153.2.6.1
  • libvlccore9 >= 3.0.18-bp153.2.6.1
  • vlc >= 3.0.18-bp153.2.6.1
  • vlc-codec-gstreamer >= 3.0.18-bp153.2.6.1
  • vlc-devel >= 3.0.18-bp153.2.6.1
  • vlc-jack >= 3.0.18-bp153.2.6.1
  • vlc-lang >= 3.0.18-bp153.2.6.1
  • vlc-noX >= 3.0.18-bp153.2.6.1
  • vlc-opencv >= 3.0.18-bp153.2.6.1
  • vlc-qt >= 3.0.18-bp153.2.6.1
  • vlc-vdpau >= 3.0.18-bp153.2.6.1
Patchnames:
openSUSE-2022-10252
openSUSE Leap 15.4
  • libvlc5 >= 3.0.18-bp154.2.3.1
  • libvlccore9 >= 3.0.18-bp154.2.3.1
  • vlc >= 3.0.18-bp154.2.3.1
  • vlc-codec-gstreamer >= 3.0.18-bp154.2.3.1
  • vlc-devel >= 3.0.18-bp154.2.3.1
  • vlc-jack >= 3.0.18-bp154.2.3.1
  • vlc-lang >= 3.0.18-bp154.2.3.1
  • vlc-noX >= 3.0.18-bp154.2.3.1
  • vlc-opencv >= 3.0.18-bp154.2.3.1
  • vlc-qt >= 3.0.18-bp154.2.3.1
  • vlc-vdpau >= 3.0.18-bp154.2.3.1
Patchnames:
openSUSE-2022-10255
openSUSE Leap 15.5
  • libvlc5 >= 3.0.20-bp155.2.3.1
  • libvlccore9 >= 3.0.20-bp155.2.3.1
  • vlc >= 3.0.20-bp155.2.3.1
  • vlc-codec-gstreamer >= 3.0.20-bp155.2.3.1
  • vlc-devel >= 3.0.20-bp155.2.3.1
  • vlc-jack >= 3.0.20-bp155.2.3.1
  • vlc-lang >= 3.0.20-bp155.2.3.1
  • vlc-noX >= 3.0.20-bp155.2.3.1
  • vlc-opencv >= 3.0.20-bp155.2.3.1
  • vlc-qt >= 3.0.20-bp155.2.3.1
  • vlc-vdpau >= 3.0.20-bp155.2.3.1
Patchnames:
openSUSE-2023-366
openSUSE Tumbleweed
  • libvlc5 >= 3.0.18-4.1
  • libvlccore9 >= 3.0.18-4.1
  • vlc >= 3.0.18-4.1
  • vlc-codec-gstreamer >= 3.0.18-4.1
  • vlc-devel >= 3.0.18-4.1
  • vlc-jack >= 3.0.18-4.1
  • vlc-lang >= 3.0.18-4.1
  • vlc-noX >= 3.0.18-4.1
  • vlc-opencv >= 3.0.18-4.1
  • vlc-qt >= 3.0.18-4.1
  • vlc-vdpau >= 3.0.18-4.1
Patchnames:
openSUSE Tumbleweed GA libvlc5-3.0.18-4.1


SUSE Timeline for this CVE

CVE page created: Tue Dec 6 23:00:27 2022
CVE page last modified: Mon Mar 18 11:37:18 2024