Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-0531

demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.

Related bugs and status

CVE-2011-0531 (Candidate) is related to these bugs:

Bug #714089: memory corruption, code execution (CVE-2011-0531)

		In	Importance	Status
714089	memory corruption, code execution (CVE-2011-0531)	vlc (Ubuntu)	Undecided	Fix Released
714089	memory corruption, code execution (CVE-2011-0531)	vlc (Ubuntu Lucid)	Undecided	Fix Released
714089	memory corruption, code execution (CVE-2011-0531)	vlc (Ubuntu Maverick)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2011013...
MLIST: [oss-security] 2011013...
CONFIRM: http://git.videolan.or...
CONFIRM: http://www.videolan.or...
BID: 46060
OSVDB: 70698
SECTRACK: 1025018
SECUNIA: 43131
DEBIAN: DSA-2159
SECUNIA: 43242
VUPEN: ADV-2011-0363
XF: vlc-mkv-code-execution...
OVAL: oval:org.mitre.oval:de...