Launchpad.net

CVE 2011-2587

Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file.

Related bugs and status

CVE-2011-2587 (Candidate) is related to these bugs:

Bug #807486: vlc: RealMedia demuxer integer overflow

		In	Importance	Status
807486	vlc: RealMedia demuxer integer overflow	vlc (Ubuntu)	Undecided	Fix Released
807486	vlc: RealMedia demuxer integer overflow	VLC media player	Critical	Fix Released
807486	vlc: RealMedia demuxer integer overflow	vlc (Debian)	Unknown	Fix Released
807486	vlc: RealMedia demuxer integer overflow	vlc (Ubuntu Maverick)	Undecided	Fix Released
807486	vlc: RealMedia demuxer integer overflow	vlc (Ubuntu Natty)	Undecided	Fix Released

Bug #807488: vlc: AVI demuxer integer overflow

		In	Importance	Status
807488	vlc: AVI demuxer integer overflow	vlc (Ubuntu)	Undecided	Fix Released
807488	vlc: AVI demuxer integer overflow	VLC media player	Critical	Fix Released
807488	vlc: AVI demuxer integer overflow	vlc (Debian)	Unknown	Fix Released
807488	vlc: AVI demuxer integer overflow	vlc (Ubuntu Lucid)	Undecided	Fix Released
807488	vlc: AVI demuxer integer overflow	vlc (Ubuntu Maverick)	Undecided	Fix Released
807488	vlc: AVI demuxer integer overflow	vlc (Ubuntu Natty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-2587

Related bugs and status

Related bugs

References