CVE-2023-47360

7.5 HIGH

📋 TL;DR

CVE-2023-47360 is an integer underflow vulnerability in VLC media player's MMS protocol handler that can cause incorrect packet length calculations. This could allow remote attackers to trigger memory corruption issues. Users running VLC versions prior to 3.0.20 are affected when processing malicious media streams.

💻 Affected Systems

Products:
  • VLC media player
Versions: All versions prior to 3.0.20
Operating Systems: Windows, Linux, macOS, BSD, Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in MMS protocol handler; affects all platforms where VLC is installed

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise when processing a malicious media stream

🟠 Likely Case

Application crash (denial of service) or potential information disclosure through memory corruption

🟢 If Mitigated

Application crash with no further impact if memory protections are enabled

🌐 Internet-Facing: MEDIUM - Requires user to open malicious media from untrusted sources
🏢 Internal Only: LOW - Typically requires user interaction with malicious content

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user to open malicious media stream; technical details and proof-of-concept are publicly available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.20 and later

Vendor Advisory: https://www.videolan.org/security/sb-vlc3020.html

Restart Required: Yes

Instructions:

1. Download VLC 3.0.20 or later from videolan.org
2. Install the update
3. Restart VLC and any running instances

🔧 Temporary Workarounds

Disable MMS protocol

Platform: all

Prevent VLC from handling MMS streams by disabling the protocol handler

No command-line step; this requires GUI configuration: Tools > Preferences > Input/Codecs > Demuxers > uncheck 'MMS'

Network filtering

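Platform: linux

Block MMS protocol traffic (port 1755). The rules below use the OUTPUT chain, so they drop outbound MMS connections on the host where they are applied; on a separate perimeter firewall the same match belongs in the FORWARD chain.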

iptables -A OUTPUT -p tcp --dport 1755 -j DROP
iptables -A OUTPUT -p udp --dport 1755 -j DROP

🧯 If You Can't Patch

  • Restrict VLC to trusted media sources only
  • Implement application whitelisting to prevent unauthorized VLC execution

🔍 How to Verify

Check if Vulnerable:

Check VLC version: Help > About (GUI) or 'vlc --version' (CLI)

Check Version:

vlc --version | head -1

Verify Fix Applied:

Confirm version is 3.0.20 or higher
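
The version check above as a script, an added example that is not part of the original advisory. The function names are hypothetical, and the banner layout ("VLC media player X.Y.Z ...") is an assumption about what `vlc --version | head -1` prints. Fields are compared numerically because a plain string comparison ranks 3.0.9 above 3.0.20.

```shell
#!/bin/sh
# Added example: classify a VLC version banner against the fixed release.
FIXED_VERSION="3.0.20"   # patch version named in this advisory

# Pull the first dotted numeric version out of a banner line, e.g. the
# constructed sample "VLC media player 3.0.18 Vetinari (revision ...)".
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+){1,3}' | head -n 1
}

# Return 0 when version $1 >= version $2, comparing up to four
# dot-separated fields as integers (missing fields count as 0).
version_ge() {
    for vi in 1 2 3 4; do
        vx=$(printf '%s\n' "$1" | cut -d. -f"$vi")
        vy=$(printf '%s\n' "$2" | cut -d. -f"$vi")
        if [ "${vx:-0}" -gt "${vy:-0}" ]; then return 0; fi
        if [ "${vx:-0}" -lt "${vy:-0}" ]; then return 1; fi
    done
    return 0
}

# Print "patched", "vulnerable" or "unknown" for one banner line.
classify_vlc() {
    vlc_v=$(extract_version "$1")
    if [ -z "$vlc_v" ]; then
        echo unknown
    elif version_ge "$vlc_v" "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Check the local installation when VLC is on PATH.
if command -v vlc >/dev/null 2>&1; then
    classify_vlc "$(vlc --version 2>/dev/null | head -1)"
fi
```
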

📡 Detection & Monitoring

Log Indicators:

  • VLC crash logs
  • Application error events mentioning VLC

Network Indicators:

  • MMS protocol traffic (TCP/UDP port 1755) to untrusted sources

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName='vlc.exe'
