PT-2011-3291 · Videolan · Vlc Media Player

Published

2011-05-03

Updated

2017-09-19

CVE-2011-1684

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions VLC media player versions 1.x through 1.1.8 VLC media player versions prior to 1.1.9

Description The issue is related to a heap-based buffer overflow in the MP4 ReadBox skcr function in libmp4.c in the MP4 demultiplexer. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.

Recommendations For VLC media player versions 1.x through 1.1.8, update to version 1.1.9 or later. For VLC media player versions prior to 1.1.9, update to version 1.1.9 or later. As a temporary workaround, consider avoiding the use of the MP4 demultiplexer until a patch is available.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2011-1684

DSA-2218-1

Affected Products

Vlc Media Player

PT-2011-3291 · Videolan · Vlc Media Player

CVE-2011-1684

Weakness Enumeration

Related Identifiers

Affected Products

References · 20