CVE-2011-2194

VLC media player <1.1.9 - DoS/Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-2194. PoCs published by TecR0c.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in VLC Media Player versions 0.8.5 to 1.1.9 due to an integer overflow in the XSPF playlist parser. The PoC uses a maliciously crafted XSPF file with an excessively large <vlc:id> value to trigger a memory access violation.

Description

Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by TecR0c · textdoswindows

https://www.exploit-db.com/exploits/17372

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service (DoS) vulnerability in VLC Media Player versions 0.8.5 to 1.1.9 due to an integer overflow in the XSPF playlist parser. The PoC uses a maliciously crafted XSPF file with an excessively large <vlc:id> value to trigger a memory access violation.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: VLC Media Player 0.8.5 to 1.1.9

No auth needed

Prerequisites: A vulnerable version of VLC Media Player · Ability to deliver a malicious XSPF file to the target

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2011/dsa-2257

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14774

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/44892

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/48171

Vendor Advisory x_refsource_confirm

http://www.videolan.org/security/sa1104.html

Scores

EPSS 0.0918

EPSS Percentile 94.7%

Details

CWE

CWE-189

Status published

Products (40)

videolan/vlc_media_player 0.8.5

videolan/vlc_media_player 0.8.6

videolan/vlc_media_player 0.8.6a

videolan/vlc_media_player 0.8.6b

videolan/vlc_media_player 0.8.6c

videolan/vlc_media_player 0.8.6d

videolan/vlc_media_player 0.8.6e

videolan/vlc_media_player 0.8.6f

videolan/vlc_media_player 0.8.6g

videolan/vlc_media_player 0.8.6h

... and 30 more

Published Jun 24, 2011

Tracked Since Feb 18, 2026