CVE-2011-0522

by Fred · 07/02/2011

The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.

Date published : 2011-02-07

http://www.securityfocus.com/bid/46008

http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=tag;h=bb16813ddb61a53113c71bccc525559405785452

CVE-2011-0522

Similar

Recent Posts

Categories

CVE-2011-0522

Share this:

Similar

Recent Posts

Categories

Tags