Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-2194

Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.

Related bugs and status

CVE-2011-2194 (Candidate) is related to these bugs:

Bug #795410: VLC XSPF integer overflow

		In	Importance	Status
795410	VLC XSPF integer overflow	vlc (Ubuntu)	Undecided	Fix Released
795410	VLC XSPF integer overflow	VLC media player	Unknown	Fix Released
795410	VLC XSPF integer overflow	vlc (Ubuntu Lucid)	Undecided	Fix Released
795410	VLC XSPF integer overflow	vlc (Ubuntu Maverick)	Undecided	Fix Released
795410	VLC XSPF integer overflow	vlc (Ubuntu Natty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.videolan.or...
DEBIAN: DSA-2257
SECUNIA: 44892
BID: 48171
OVAL: oval:org.mitre.oval:de...