CVE-2011-0531

EPSS 73.25%
Veröffentlicht 07.02.2011 21:00:16
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Videolan ≫ Vlc Media Player Version <= 1.1.6.1

Videolan ≫ Vlc Media Player Version0.1.99b

Videolan ≫ Vlc Media Player Version0.1.99e

Videolan ≫ Vlc Media Player Version0.1.99f

Videolan ≫ Vlc Media Player Version0.1.99g

Videolan ≫ Vlc Media Player Version0.1.99h

Videolan ≫ Vlc Media Player Version0.1.99i

Videolan ≫ Vlc Media Player Version0.2.0

Videolan ≫ Vlc Media Player Version0.2.60

Videolan ≫ Vlc Media Player Version0.2.61

Videolan ≫ Vlc Media Player Version0.2.62

Videolan ≫ Vlc Media Player Version0.2.63

Videolan ≫ Vlc Media Player Version0.2.70

Videolan ≫ Vlc Media Player Version0.2.71

Videolan ≫ Vlc Media Player Version0.2.72

Videolan ≫ Vlc Media Player Version0.2.73

Videolan ≫ Vlc Media Player Version0.2.80

Videolan ≫ Vlc Media Player Version0.2.81

Videolan ≫ Vlc Media Player Version0.2.82

Videolan ≫ Vlc Media Player Version0.2.83

Videolan ≫ Vlc Media Player Version0.2.90

Videolan ≫ Vlc Media Player Version0.2.91

Videolan ≫ Vlc Media Player Version0.2.92

Videolan ≫ Vlc Media Player Version0.3.0

Videolan ≫ Vlc Media Player Version0.3.1

Videolan ≫ Vlc Media Player Version0.4.0

Videolan ≫ Vlc Media Player Version0.4.1

Videolan ≫ Vlc Media Player Version0.4.2

Videolan ≫ Vlc Media Player Version0.4.3

Videolan ≫ Vlc Media Player Version0.4.4

Videolan ≫ Vlc Media Player Version0.4.5

Videolan ≫ Vlc Media Player Version0.4.6

Videolan ≫ Vlc Media Player Version0.5.0

Videolan ≫ Vlc Media Player Version0.5.1

Videolan ≫ Vlc Media Player Version0.5.2

Videolan ≫ Vlc Media Player Version0.5.3

Videolan ≫ Vlc Media Player Version0.6.0

Videolan ≫ Vlc Media Player Version0.6.1

Videolan ≫ Vlc Media Player Version0.6.2

Videolan ≫ Vlc Media Player Version0.7.0

Videolan ≫ Vlc Media Player Version0.7.2

Videolan ≫ Vlc Media Player Version0.8.0

Videolan ≫ Vlc Media Player Version0.8.1

Videolan ≫ Vlc Media Player Version0.8.2

Videolan ≫ Vlc Media Player Version0.8.4

Videolan ≫ Vlc Media Player Version0.8.5

Videolan ≫ Vlc Media Player Version0.8.6

Videolan ≫ Vlc Media Player Version0.9.2

Videolan ≫ Vlc Media Player Version0.9.3

Videolan ≫ Vlc Media Player Version0.9.4

Videolan ≫ Vlc Media Player Version0.9.5

Videolan ≫ Vlc Media Player Version0.9.6

Videolan ≫ Vlc Media Player Version0.9.8a

Videolan ≫ Vlc Media Player Version0.9.9

Videolan ≫ Vlc Media Player Version0.9.10

Videolan ≫ Vlc Media Player Version1.0.0

Videolan ≫ Vlc Media Player Version1.0.1

Videolan ≫ Vlc Media Player Version1.0.2

Videolan ≫ Vlc Media Player Version1.0.3

Videolan ≫ Vlc Media Player Version1.0.4

Videolan ≫ Vlc Media Player Version1.0.5

Videolan ≫ Vlc Media Player Version1.0.6

Videolan ≫ Vlc Media Player Version1.1.0

Videolan ≫ Vlc Media Player Version1.1.1

Videolan ≫ Vlc Media Player Version1.1.2

Videolan ≫ Vlc Media Player Version1.1.3

Videolan ≫ Vlc Media Player Version1.1.4

Videolan ≫ Vlc Media Player Version1.1.5

Videolan ≫ Vlc Media Player Version1.1.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	73.25%	0.987

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=59491dcedffbf97612d2c572943b56ee4289dd07

http://osvdb.org/70698

http://secunia.com/advisories/43131

Vendor Advisory

http://secunia.com/advisories/43242

http://www.debian.org/security/2011/dsa-2159

http://www.openwall.com/lists/oss-security/2011/01/31/4

Patch

http://www.openwall.com/lists/oss-security/2011/01/31/8

Patch

http://www.securityfocus.com/bid/46060

http://www.securitytracker.com/id?1025018