Launchpad CVE tracker

CVE 2011-0021

Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.

Related bugs and status

CVE-2011-0021 (Candidate) is related to these bugs:

Bug #707154: heap overflow in CDG decoder and XML heap corruption

		In	Importance	Status
707154	heap overflow in CDG decoder and XML heap corruption	vlc (Ubuntu)	Undecided	Fix Released
707154	heap overflow in CDG decoder and XML heap corruption	vlc (Ubuntu Lucid)	Undecided	Fix Released
707154	heap overflow in CDG decoder and XML heap corruption	vlc (Ubuntu Maverick)	Undecided	Fix Released

Bug #709315: [needs-update] VLC media player 1.1.7

Summary				In	Importance	Status
	709315	[needs-update] VLC media player 1.1.7		GetDeb Software Portal	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2011011...
MLIST: [oss-security] 2011012...
CONFIRM: http://download.videol...
CONFIRM: http://git.videolan.or...
VUPEN: ADV-2011-0185
BID: 45927
XF: vlcmediaplayer-cdg-cod...
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2011-0021

Related bugs and status

Related bugs

References