Videolan : Security Vulnerabilities, CVEs, Published In 2011
CVE-2011-0531
Public exploit
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
Max CVSS
9.3
EPSS Score
97.13%
Published
2011-02-07
Updated
2017-09-19
CVE-2010-3275
Public exploit
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
Max CVSS
9.3
EPSS Score
93.76%
Published
2011-03-28
Updated
2018-10-10
Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.
Max CVSS
6.8
EPSS Score
5.75%
Published
2011-07-27
Updated
2017-09-19
Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file.
Max CVSS
6.8
EPSS Score
5.75%
Published
2011-07-27
Updated
2017-09-19
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
27.90%
Published
2011-06-24
Updated
2017-09-19
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.
Max CVSS
6.8
EPSS Score
2.17%
Published
2011-07-07
Updated
2011-09-22
Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.
Max CVSS
6.8
EPSS Score
9.27%
Published
2011-05-03
Updated
2017-09-19
Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.
Max CVSS
7.6
EPSS Score
3.54%
Published
2011-05-03
Updated
2017-09-19
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.
Max CVSS
6.8
EPSS Score
82.84%
Published
2011-02-07
Updated
2017-09-19
Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.
Max CVSS
9.3
EPSS Score
4.04%
Published
2011-01-25
Updated
2017-09-19
Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
5.09%
Published
2011-01-03
Updated
2017-09-19
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file.
Max CVSS
9.3
EPSS Score
8.46%
Published
2011-03-28
Updated
2018-10-10
12 vulnerabilities found