| Package | vlc |
|---|---|
| Version | 3.0.20-0+deb9u1 (stretch) |
| Related CVEs | CVE-2023-47359 CVE-2023-47360 |
Two vulnerabilities in the MMS over HTTP protocol have been fixed in the VLC media player, which has also been upgraded to the latest upstream version.
CVE-2023-47359
Heap buffer overflow in the MMSH module.
CVE-2023-47360
Integer underflow in the MMSH module.
For Debian 9 stretch, these problems have been fixed in version 3.0.20-0+deb9u1.
We recommend that you upgrade your vlc packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.