CVE-2021-25804

Published: 26 July 2021

A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
vlc Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	hirsute	Not vulnerable (3.0.12-3)
	impish	Not vulnerable
	jammy	Not vulnerable
	trusty	Does not exist
	upstream	Released (3.0.12-1)
	xenial	Ignored (out of standard support)

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.