VideoLAN VLC Media Player Out-of-Bounds Read Vulnerability in MMS Protocol

Vulnerability

An out-of-bounds read that can be triggered for denial of service has been identified in VideoLAN VLC media player versions prior to 3.0.22. The flaw lies in the MMS protocol module ('mmstu.c'): a crafted 0x01 response sent by an MMS server causes the player to read outside the bounds of its buffer.

Impact

Exploitation of this vulnerability crashes the VLC media player, causing a denial-of-service condition. Although the primary impact is a crash, an out-of-bounds read of this kind could potentially be chained with other vulnerabilities to leak user information or achieve remote code execution; however, such code execution has not been observed in practice.

Remediation

Upgrade to VLC media player version 3.0.22, which addresses this vulnerability. Until the update is applied, avoid opening files or streams (including MMS streams) from untrusted sources and disable VLC browser plugins.

Added: Jan 16, 2026, 6:19 PM
Updated: Jan 16, 2026, 7:47 PM

Vulnerability Rating

Custom Algorithm

  Category        Score
  spread          7.8
  impact          2.5
  exploitability  4.4
  remediation     7.9
  relevance       2.1
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these eight vulnerability categories, which are then combined to calculate the overall risk score.