CVE-2011-3623

Name of the Vulnerable Software and Affected Versions VLC media player versions prior to 1.0.2

Description The issue allows remote attackers to execute arbitrary code via crafted media files, including ASF, AVI, and MP4 files. This is related to functions such as ASF ObjectDumpDebug in libasf.c, AVI ChunkDumpDebug level in libavi.c, and MP4 BoxDumpStructure in libmp4.c.

Recommendations For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of ASF ObjectDumpDebug, AVI ChunkDumpDebug level, and MP4 BoxDumpStructure functions until a patch is available. Restrict access to crafted media files to minimize the risk of exploitation.