High severity7.8NVD Advisory· Published Jan 8, 2021· Updated Jul 5, 2026
CVE-2020-26664
CVE-2020-26664
Description
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- VideoLAN/VLC media playerdescription
- Range: 3.0.11
- osv-coords5 versionspkg:rpm/opensuse/vlc&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/vlc&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/vlc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/vlc&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/vlc&distro=SUSE%20Package%20Hub%2015%20SP2
< 3.0.11.1-lp151.6.12.1+ 4 more
- (no CPE)range: < 3.0.11.1-lp151.6.12.1
- (no CPE)range: < 3.0.11.1-lp152.2.9.1
- (no CPE)range: < 3.0.16-1.5
- (no CPE)range: < 3.0.11.1-bp151.5.12.1
- (no CPE)range: < 3.0.11.1-bp152.2.9.1
Patches
Vulnerability mechanics
References
6- gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txtnvdExploitThird Party Advisory
- videolan.comnvdProductVendor Advisory
- vlc.comnvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2022/06/msg00012.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/202101-37nvdThird Party Advisory
- www.debian.org/security/2021/dsa-4834nvdThird Party Advisory
News mentions
1- ABB Ability Camera ConnectCISA ICS Advisories