CVE-2011-0531

Videolan Vlc Media Player < 1.1.6.1 - Improper Input Validation

Title source: rule

Description

demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/16637

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by Dan Rosenberg · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/vlc_webm.rb

View Code ZIP pw:eip

References (13)

[Patch] http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=59491dcedffbf97612d2c572943b56ee4289dd07

[Third Party Advisory, VDB Entry] http://osvdb.org/70698

[Vendor Advisory] http://secunia.com/advisories/43131

[Patch] http://www.openwall.com/lists/oss-security/2011/01/31/4

[Patch] http://www.openwall.com/lists/oss-security/2011/01/31/8

[Patch, Vendor Advisory] http://www.videolan.org/security/sa1102.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/65045

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/46060

[Third Party Advisory] http://www.debian.org/security/2011/dsa-2159

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12415

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1025018

[Third Party Advisory] http://secunia.com/advisories/43242

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0363

Scores

EPSS 0.7325

EPSS Percentile 98.8%

Details

CWE

CWE-20

Status published

Products (50)

videolan/vlc_media_player 0.1.99b

videolan/vlc_media_player 0.1.99e

videolan/vlc_media_player 0.1.99f

videolan/vlc_media_player 0.1.99g

videolan/vlc_media_player 0.1.99h

videolan/vlc_media_player 0.1.99i

videolan/vlc_media_player 0.2.0

videolan/vlc_media_player 0.2.60

videolan/vlc_media_player 0.2.61

videolan/vlc_media_player 0.2.62

... and 40 more

Published Feb 07, 2011

Tracked Since Feb 18, 2026