CVE-2011-2587

Name of the Vulnerable Software and Affected Versions VLC media player versions 1.1.x through 1.1.10

Description A heap-based buffer overflow issue exists in the DemuxAudioSipr function in the RealMedia demuxer, which can be triggered by a crafted Real Media file. This issue may allow remote attackers to cause a denial of service or possibly execute arbitrary code. The vulnerability is due to an input validation error when allocating memory using certain values from a RealAudio data block within RealMedia files.

Recommendations For versions 1.1.x through 1.1.10, update to version 1.1.11 or later to resolve the issue. As a temporary workaround, consider avoiding the use of RealMedia files until the issue is resolved. Restrict access to the RealMedia demuxer to minimize the risk of exploitation.