CVE-2011-2194
Published: 24 June 2011
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.
Priority
Status
Package | Release | Status |
---|---|---|
vlc Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(1.0.6-1ubuntu1.7)
|
|
maverick |
Released
(1.1.4-1ubuntu1.6)
|
|
natty |
Released
(1.1.9-1ubuntu1.1)
|
|
upstream |
Released
(1.1.10)
|
|
Patches: upstream: http://repo.or.cz/w/vlc.git/commitdiff/cd929923ff49175a501bb3e9553a683bc42ff61c |