ELA-749-1 vlc security update

buffer overflow

Version3.0.17.4-0+deb9u2 (stretch)
Related CVEs CVE-2022-41325

Mitsurugi Heishiro found out that in VLC, multimedia player and streamer, a potential buffer overflow in the vnc module could trigger remote code execution if a malicious vnc URL is deliberately played.

For Debian 9 stretch, these problems have been fixed in version

We recommend that you upgrade your vlc packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.