CNNVD-202601-2797 Information
CNNVD ID
CNNVD-202601-2797
Related CVE
- CNNVD Published: 2026-01-16
Description (Chinese)
VideoLAN VLC media player是法国VideoLAN组织的一款免费、开源的跨平台多媒体播放器(也是一个多媒体框架)。该产品支持播放多种介质(文件、光盘等)、多种音视频格式(WMV,MP3等)等。 VideoLAN VLC media player 3.0.22之前版本存在缓冲区错误漏洞,该漏洞源于mmstu.c文件对特制MMS服务器响应的处理存在越界读取,可能导致拒绝服务攻击。
Description (English)
VidioLAN VLC media player is a free, open-source, multi-platform multimedia player (also a multimedia framework) organized by Vidiolan, France. The product supports the broadcasting of various media (documents, CDs, etc.), audio and video formats (WMV, MP3, etc.). The previous version of VideoLAN VLC media player 3.0.22 had an error loophole in the buffer zone, which stemmed from cross-border access to the processing of the mmstu.c document response to a specially designed MMS server, which could lead to a denial of service attack.
Hazard Level
High
Vulnerability Type
缓冲区错误
Affected Vendor
VideoLAN
Published
2026-01-16
Last Modified
2026-02-24
References
https://code.videolan.org/videolan/vlc/-/issues/29146 https://www.videolan.org/security/sb-vlc3022.html https://vigilance.fr/vulnerability/VideoLAN-VLC-multiple-vulnerabilities-dated-25-11-2025-48857
Patch
https://www.videolan.org/security/sb-vlc3022.html
Share on: