Search for vulnerabilities
Vulnerability details: VCID-cyj2-72nh-3kgf
Vulnerability ID VCID-cyj2-72nh-3kgf
Aliases CVE-2021-25801
Summary A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Status Published
Exploitability 0.5
Weighted Severity 6.4
Risk 3.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-125 Out-of-bounds Read
System Score Found at
epss 0.0203 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.0203 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.0203 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.0203 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.0203 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.0203 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.0203 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.0203 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02035 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
epss 0.02431 https://api.first.org/data/v1/epss?cve=CVE-2021-25801
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25801
cvssv3.1 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25801
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-25801
https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25804
cpe:2.3:a:videolan:vlc_media_player:3.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:3.0.11:*:*:*:*:*:*:*
CVE-2021-25801 https://nvd.nist.gov/vuln/detail/CVE-2021-25801
USN-6180-1 https://usn.ubuntu.com/6180-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-25801
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-25801
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.83109
EPSS Score 0.0203
Published At Sept. 11, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:42:08.997231+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6180-1/ 37.0.0