Advisories » MGASA-2024-0007

Updated vlc packages fix security vulnerabilities

Publication date: 14 Jan 2024
Modification date: 14 Jan 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-47359 , CVE-2023-47360

Description

The updated packages fix security vulnerabilities:
Videolan VLC prior to version 3.0.20 contains an incorrect offset read
that leads to a Heap-Based Buffer Overflow in function GetPacket() and
results in a memory corruption (CVE-2023-47359).
Videolan VLC prior to version 3.0.20 contains an Integer underflow that
leads to an incorrect packet length (CVE-2023-47360).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32487
• https://lwn.net/Articles/950049/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47359
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47360

SRPMS

9/tainted

• vlc-3.0.20-1.mga9.tainted

9/core

• vlc-3.0.20-1.mga9