Bugzilla – Bug 1188856
VUL-0: CVE-2021-25803: vlc: buffer overflow in vlc_input_attachment_New component
Last modified: 2021-08-04 11:32:40 UTC
A buffer overflow vulnerability in the vlc_input_attachment_New component of
VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read
via a crafted .avi file.
This is already fixed in Leap and Factory.
The following Backport codestreams are affected:
Maybe this could be addressed there, too?
Wolfgang, something you can do for the backports? I'd suggest to inherit Factory's package