CVE-2011-2588

Name of the Vulnerable Software and Affected Versions VLC media player versions prior to 1.1.11

Description A heap-based buffer overflow issue exists in the AVI demuxer, specifically in the AVI ChunkRead strf function in libavi.c. This is due to an integer underflow error when parsing the strf chunk within AVI files, which can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code, potentially compromising a user's system.

Recommendations For versions prior to 1.1.11, update to version 1.1.11 or later to resolve the issue. As a temporary workaround, consider avoiding the use of AVI files or restricting access to potentially malicious AVI media files until the update is applied.