Buffer overflow in Videolan Vlc_media_player
CVE-2011-0522
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary co…
Vulnerability class: Buffer Overflow
EPSS: 0.662 (98.5th percentile) — read the EPSS interpretation.
Affected products
- Videolan Vlc_media_player — versions 1.1.0, 1.1.1, 1.1.2
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 46008 (Exploit, vdb-entry, x_refsource_BID)
- vlcmediaplayer-usf-bo(65029) (vdb-entry, x_refsource_XF)
- oval:org.mitre.oval:def:12414 (x_refsource_OVAL, signature, vdb-entry)
- 8064 (x_refsource_SREASON, third-party-advisory)
- [oss-security] 20110125 Re: CVE Request: VLC Subtitle StripTags heap corruption (mailing-list, x_refsource_MLIST, Patch)
- 16108 (Exploit, exploit, x_refsource_EXPLOIT-DB)
- [oss-security] 20110125 CVE Request: VLC Subtitle StripTags heap corruption (mailing-list, x_refsource_MLIST, Patch)
- [vlc-devel] 20110117 Security: Subtitle StripTags heap corruption, potentially exploitable. Patch included (mailing-list, x_refsource_MLIST)
- ADV-2011-0225 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2011-0522?
- CVE-2011-0522 is a vulnerability in Videolan Vlc_media_player, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2011-02-07.
- Is CVE-2011-0522 known to be exploited?
- 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.