CVE-2011-0522

Priority
Medium
Description
The StripTags function in (1) the USF decoder
(modules/codec/subtitles/subsdec.c) and (2) the Text decoder
(modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before
1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle
with an opening "<" without a closing ">" in an MKV file, which triggers
heap memory corruption, as demonstrated using
refined-australia-blu720p-sample.mkv.
Package
Source: vlc (LP Ubuntu Debian)
Upstream: needs-triage
Patches:
Upstream: http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=commit;h=dc14617f39c03bbe80c3cc4f92799dca840966eb

Updated: 2015-07-15 19:36:16 UTC (commit 9690)