9.3

CVE-2011-0531

demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VideolanVlc Media Player Version <= 1.1.6.1
VideolanVlc Media Player Version0.1.99b
VideolanVlc Media Player Version0.1.99e
VideolanVlc Media Player Version0.1.99f
VideolanVlc Media Player Version0.1.99g
VideolanVlc Media Player Version0.1.99h
VideolanVlc Media Player Version0.1.99i
VideolanVlc Media Player Version0.2.0
VideolanVlc Media Player Version0.2.60
VideolanVlc Media Player Version0.2.61
VideolanVlc Media Player Version0.2.62
VideolanVlc Media Player Version0.2.63
VideolanVlc Media Player Version0.2.70
VideolanVlc Media Player Version0.2.71
VideolanVlc Media Player Version0.2.72
VideolanVlc Media Player Version0.2.73
VideolanVlc Media Player Version0.2.80
VideolanVlc Media Player Version0.2.81
VideolanVlc Media Player Version0.2.82
VideolanVlc Media Player Version0.2.83
VideolanVlc Media Player Version0.2.90
VideolanVlc Media Player Version0.2.91
VideolanVlc Media Player Version0.2.92
VideolanVlc Media Player Version0.3.0
VideolanVlc Media Player Version0.3.1
VideolanVlc Media Player Version0.4.0
VideolanVlc Media Player Version0.4.1
VideolanVlc Media Player Version0.4.2
VideolanVlc Media Player Version0.4.3
VideolanVlc Media Player Version0.4.4
VideolanVlc Media Player Version0.4.5
VideolanVlc Media Player Version0.4.6
VideolanVlc Media Player Version0.5.0
VideolanVlc Media Player Version0.5.1
VideolanVlc Media Player Version0.5.2
VideolanVlc Media Player Version0.5.3
VideolanVlc Media Player Version0.6.0
VideolanVlc Media Player Version0.6.1
VideolanVlc Media Player Version0.6.2
VideolanVlc Media Player Version0.7.0
VideolanVlc Media Player Version0.7.2
VideolanVlc Media Player Version0.8.0
VideolanVlc Media Player Version0.8.1
VideolanVlc Media Player Version0.8.2
VideolanVlc Media Player Version0.8.4
VideolanVlc Media Player Version0.8.5
VideolanVlc Media Player Version0.8.6
VideolanVlc Media Player Version0.9.2
VideolanVlc Media Player Version0.9.3
VideolanVlc Media Player Version0.9.4
VideolanVlc Media Player Version0.9.5
VideolanVlc Media Player Version0.9.6
VideolanVlc Media Player Version0.9.8a
VideolanVlc Media Player Version0.9.9
VideolanVlc Media Player Version0.9.10
VideolanVlc Media Player Version1.0.0
VideolanVlc Media Player Version1.0.1
VideolanVlc Media Player Version1.0.2
VideolanVlc Media Player Version1.0.3
VideolanVlc Media Player Version1.0.4
VideolanVlc Media Player Version1.0.5
VideolanVlc Media Player Version1.0.6
VideolanVlc Media Player Version1.1.0
VideolanVlc Media Player Version1.1.1
VideolanVlc Media Player Version1.1.2
VideolanVlc Media Player Version1.1.3
VideolanVlc Media Player Version1.1.4
VideolanVlc Media Player Version1.1.5
VideolanVlc Media Player Version1.1.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 41.58% 0.985
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=59491dcedffbf97612d2c572943b56ee4289dd07
http://osvdb.org/70698
http://secunia.com/advisories/43131
Vendor Advisory
http://secunia.com/advisories/43242
http://www.debian.org/security/2011/dsa-2159
http://www.openwall.com/lists/oss-security/2011/01/31/4
Patch
http://www.openwall.com/lists/oss-security/2011/01/31/8
Patch
http://www.securityfocus.com/bid/46060
http://www.securitytracker.com/id?1025018
http://www.videolan.org/security/sa1102.html
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0363
https://exchange.xforce.ibmcloud.com/vulnerabilities/65045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12415