CVE-2023-47359
9.8 CRITICAL
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket()...
Published: 2023-11-07 · Last updated: 2026-05-28
Severity and scoring
- CVSS: 9.8 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-787
Affected products
| Vendor | Product |
|---|---|
| videolan | vlc_media_player |
Description
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-47359)
- [Exploit reference](https://0xariana.github.io/blog/real_bugs/vlc/mms)
- [Other](https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html)
Related CVEs
Same vendor
- CVE-2023-47360 — Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length (7.5 HIGH)
Same CWE
- CVE-2026-54410 — nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP server that allows ... (8.6 HIGH)
- CVE-2026-6676 — Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execu... (7.8 HIGH)
- CVE-2025-14098 — Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executab... (7.8 HIGH)
- CVE-2026-41157 — A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU ...
- CVE-2026-34195 — Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in t...