CVE-2011-0531

EPSS 41.6%

demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/16637unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=59491dcedffbf97612d2c572943b56ee4289dd07 http://osvdb.org/70698 http://secunia.com/advisories/43131 http://secunia.com/advisories/43242 https://exchange.xforce.ibmcloud.com/vulnerabilities/65045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12415 http://www.debian.org/security/2011/dsa-2159 http://www.openwall.com/lists/oss-security/2011/01/31/4 http://www.openwall.com/lists/oss-security/2011/01/31/8 http://www.securityfocus.com/bid/46060 http://www.securitytracker.com/id?1025018 http://www.videolan.org/security/sa1102.html