Unrated severityNVD Advisory· Published Dec 6, 2022· Updated Apr 23, 2025

CVE-2022-41325

Description

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.

Affected products

VideoLAN/VLC Media Playerdescription
osv-coords7 versions
pkg:rpm/opensuse/vlc&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/vlc&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/vlc&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/vlc&distro=openSUSE%20Tumbleweed pkg:rpm/suse/vlc&distro=SUSE%20Package%20Hub%2015%20SP3 pkg:rpm/suse/vlc&distro=SUSE%20Package%20Hub%2015%20SP4 pkg:rpm/suse/vlc&distro=SUSE%20Package%20Hub%2015%20SP5
< 3.0.18-bp153.2.6.1+ 6 more
- (no CPE)range: < 3.0.18-bp153.2.6.1
- (no CPE)range: < 3.0.18-bp154.2.3.1
- (no CPE)range: < 3.0.20-bp155.2.3.1
- (no CPE)range: < 3.0.18-4.1
- (no CPE)range: < 3.0.18-bp153.2.6.1
- (no CPE)range: < 3.0.18-bp154.2.3.1
- (no CPE)range: < 3.0.20-bp155.2.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2022/dsa-5297mitrevendor-advisory
twitter.com/0xMitsurugimitre
www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-41325.pdfmitre
www.videolan.org/security/sb-vlc3018.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000