Back to search
CVE-2011-0522
Published: Feb 7, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
46008
vdb-entry
x_refsource_BID
vlcmediaplayer-usf-bo(65029)
vdb-entry
x_refsource_XF
oval:org.mitre.oval:def:12414
vdb-entry
signature
x_refsource_OVAL
8064
third-party-advisory
x_refsource_SREASON
[oss-security] 20110125 Re: CVE Request: VLC Subtitle StripTags heap corruption
mailing-list
x_refsource_MLIST
16108
exploit
x_refsource_EXPLOIT-DB
[oss-security] 20110125 CVE Request: VLC Subtitle StripTags heap corruption
mailing-list
x_refsource_MLIST
[vlc-devel] 20110117 Security: Subtitle StripTags heap corruption, potentially exploitable. Patch included
mailing-list
x_refsource_MLIST
ADV-2011-0225
vdb-entry
x_refsource_VUPEN
[vlc-devel] 20110116 Security: Subtitle StripTags heap corruption, potentially exploitable. Patch included
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now