National Cyber Awareness System

Vulnerability Summary for CVE-2011-0021

Overview

Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MLIST

Name: [oss-security] 20110120 Re: CVE request: heap corruption in VLC media player

Type: Patch Information

Hyperlink:http://openwall.com/lists/oss-security/2011/01/20/3

External Source: CONFIRM

Name: http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab

Type: Patch Information

Hyperlink:http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab

External Source: CONFIRM

Name: http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2

Type: Patch Information

Hyperlink:http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2

External Source: XF

Name: vlcmediaplayer-cdg-code-execution(64879)

Hyperlink:http://xforce.iss.net/xforce/xfdb/64879

External Source: VUPEN

Name: ADV-2011-0185

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2011/0185

External Source: BID

Name: 45927

Hyperlink:http://www.securityfocus.com/bid/45927

External Source: OVAL

Name: oval:org.mitre.oval:def:12460

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12460

External Source: MLIST

Name: [oss-security] 20110119 CVE request: heap corruption in VLC media player

Hyperlink:http://openwall.com/lists/oss-security/2011/01/19/6

References to Check Content

Identifier:oval:org.mitre.oval:def:12460

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12460