vlc is vulnerable to arbitrary code execution. A heap-based buffer overflow in EbmlTypeDispatcher::send
allows an attacker to execute arbitrary code on the host OS via a malicious .mkv
file.
videolan.com
vlc.com
gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt
lists.debian.org/debian-lts-announce/2022/06/msg00012.html
security-tracker.debian.org/tracker/CVE-2020-26664
security.gentoo.org/glsa/202101-37
www.debian.org/security/2021/dsa-4834