CVE-2011-0531

Priority
Medium
Description
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player
1.1.6.1 and earlier allows remote attackers to cause a denial of service
(crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska)
file that triggers memory corruption, related to "class mismatching" and
the MKV_IS_ID macro.
References
Assigned-to
bdrung
Package
Source: vlc (LP Ubuntu Debian)
Upstream:released (1.1.7-1)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):released (1.0.6-1ubuntu1.5)
Ubuntu 11.04 (Natty Narwhal):not-affected (1.1.7-1ubuntu1)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (1.1.7-1ubuntu1)
Patches:
Patch:http://git.videolan.org/?p=vlc.git;a=commit;h=59491dcedffbf97612d2c572943b56ee4289dd07
Debdiff:https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/714089
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:21:47 UTC (commit 5347)