Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-1684

Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.

Related bugs and status

CVE-2011-1684 (Candidate) is related to these bugs:

Bug #756368: Heap overflow in MP4 demuxer

		In	Importance	Status
756368	Heap overflow in MP4 demuxer	vlc (Ubuntu)	Undecided	Fix Released
756368	Heap overflow in MP4 demuxer	VLC media player	Critical	Fix Released
756368	Heap overflow in MP4 demuxer	VLC media player 1.0-bugfix	Undecided	Fix Released
756368	Heap overflow in MP4 demuxer	vlc (Ubuntu Lucid)	Undecided	Fix Released
756368	Heap overflow in MP4 demuxer	vlc (Ubuntu Maverick)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2011041...
MLIST: [oss-security] 2011041...
MLIST: [oss-security] 2011041...
CONFIRM: http://git.videolan.or...
CONFIRM: http://www.videolan.or...
DEBIAN: DSA-2218
BID: 47293
SECTRACK: 1025373
SECUNIA: 43890
SECUNIA: 44022
VUPEN: ADV-2011-0916
VUPEN: ADV-2011-0954
XF: vlcmediaplayer-mp4read...
OVAL: oval:org.mitre.oval:de...