CVE-2011-1684

Name of the Vulnerable Software and Affected Versions VLC media player versions 1.x through 1.1.8 VLC media player versions prior to 1.1.9

Description The issue is related to a heap-based buffer overflow in the MP4 ReadBox skcr function in libmp4.c in the MP4 demultiplexer. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.

Recommendations For VLC media player versions 1.x through 1.1.8, update to version 1.1.9 or later. For VLC media player versions prior to 1.1.9, update to version 1.1.9 or later. As a temporary workaround, consider avoiding the use of the MP4 demultiplexer until a patch is available.