PT-2011-2425 · Videolan · Vlc Media Player

Dan Rosenberg · Published 2011-02-07 · Updated 2017-09-19 · CVE-2011-0531

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

VLC media player version 1.1.6.1 and earlier

Description

The issue allows remote attackers to cause a denial of service (crash) and potentially execute arbitrary commands via a crafted MKV (WebM or Matroska) file. This is related to "class mismatching" and the MKV_IS_ID macro, which can trigger memory corruption.

Recommendations

For VLC media player version 1.1.6.1 and earlier, consider updating to a newer version to resolve the issue. As a temporary workaround, avoid using the MKV demuxer plugin until a patch is available. Restrict access to crafted MKV files to minimize the risk of exploitation.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2011-0531
DSA-2159-1

Affected Products

Vlc Media Player