Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Videolan
  • Vlc Media Player

Configuration 1 [-]

OR cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/44892 Vendor Advisory
http://www.debian.org/security/2011/dsa-2257
http://www.securityfocus.com/bid/48171
http://www.videolan.org/security/sa1104.html Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14774
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2011-06-24T20:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2011-05-31T00:00:00

Link: CVE-2011-2194

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2011-06-24T20:55:03.840

Modified: 2017-09-19T01:32:55.287

Link: CVE-2011-2194

JSON object: View

cve-icon Redhat Information

No data.

CWE