-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4507-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 23, 2026 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : vlc Version : 3.0.23-0+deb11u1 CVE ID : CVE-2025-51602 An out-of-bounds read vulnerability was discovered in VLC media player, a multimedia player and streamer. The MMS protocol handler in mmstu.c did not properly validate boundaries when processing a crafted 0x01 response from an MMS server. A remote attacker controlling a malicious MMS server could exploit this to cause an out-of-bounds read, resulting in a denial of service (application crash) and potentially leaking sensitive memory contents. For Debian 11 bullseye, this problem has been fixed in version 3.0.23-0+deb11u1. We recommend that you upgrade your vlc packages. For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vlc Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmnBlbEACgkQgj6WdgbD S5bx/w/+I8xJE5XD6Ob8rJJ84k522rIPQgULpN9vUzyv2qd9NoQrZ81Mx2Rq0tq0 b7+gWlignyHnU/XCPSHYu4woowtfDaz72HUjuX4b2b4IpYe1LcgxIWmkR1e1W0iG OSvrPsIjrgdZVXafX5trU6GqMImGNZsUmhggL8scTljdQLybpcRDwVzs5fi49yD8 xlsMPPbMIO5f1zVqFCNTjhkkBU5piKjdqRSoSIF0Bqw5gUl+C/Rd0zSkJF4TV7Nz 36dARRVVdWvdR6P4Q4fDN1t4LIN5gX5pJsJW9bEbcr73lHBfVWzqXPBAI1ur6Zl0 mUKhNsyoIM7IxNtzGd32jIL0Phex/rEKMl7S93M0Igu+b3gQGjmtrmki2cwmCb5g titfi0/jKPin0ElrFstJJFfLdB5X6IA44XIEOIADMjrUgtLEmk/od9djfK03GGDf LzfCtfORqa695Vn9nI0SxVvQlBOYdDPBN6h8wphTTHN3eelQ1anQ67vcIWnib1i+ M2U7MuuLarqC+oMme0NlLJy8TuNpUQyAfhwqbmg0R8hcTwhbK1I3DXin1LpnfyCI gDO9fXsGUXJNmAPESEPfzpMCD3LN7qfD2fsQUeygz9X5OZwkKdn6Y6JhnRDFy7xt Y7NAZgmwHp3aXeFC1sh/YFxrH4uJ5UKhBV664o4aWZ5peN3HMas= =sQwn -----END PGP SIGNATURE-----
