PT-2011-2421 · Videolan · Vlc Media Player

Published: 2011-02-07 · Updated: 2017-09-19 · CVE-2011-0522

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

VLC Media Player versions prior to 1.1.6-rc

Description

The issue allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption. This is related to the StripTags function in the USF decoder and the Text decoder.

Recommendations

For versions prior to 1.1.6-rc, update to version 1.1.6-rc or later to resolve the issue. As a temporary workaround, consider avoiding the use of subtitles from untrusted sources until the update is applied.
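
As an added illustration (not VLC's code and not part of the original advisory), the C example below shows a tag stripper that handles the input named in the description, a "<" with no closing ">", by bounding every search to the input length and stopping at the terminator. The function name `strip_tags_safe` and the sample strings are assumptions constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (assumption, not VLC's StripTags): copy `in` with
 * <...> markup removed. Returns a malloc'd string the caller must free,
 * or NULL if allocation fails. */
char *strip_tags_safe(const char *in)
{
    size_t len = strlen(in);
    char *out = malloc(len + 1);   /* output can never exceed the input */
    if (out == NULL)
        return NULL;

    size_t o = 0;
    size_t i = 0;
    while (i < len) {
        if (in[i] != '<') {
            out[o++] = in[i++];    /* o <= i < len, so the write is in bounds */
            continue;
        }
        /* Search for '>' only within the bytes that remain. */
        const char *close = memchr(in + i, '>', len - i);
        if (close == NULL)
            break;                 /* unterminated tag: drop the tail and stop
                                      at the terminator, never step past it */
        i = (size_t)(close - in) + 1;   /* resume just after the '>' */
    }
    out[o] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample subtitle lines; the second has no closing '>'. */
    const char *samples[] = { "<i>Hello</i> world", "text <unterminated" };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        char *clean = strip_tags_safe(samples[k]);
        if (clean != NULL) {
            printf("[%s] -> [%s]\n", samples[k], clean);
            free(clean);
        }
    }
    return 0;
}
```
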

Exploit

Fix

RCE

Buffer Overflow


Weakness Enumeration

Related identifiers

CVE-2011-0522

Affected products

Vlc Media Player