CVE-2011-3623

Publication date 26 December 2014

Last updated 24 July 2024

Ubuntu priority

Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
vlc	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

tyhicks

1.0.1 down to 0.5.0

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.videolan.org/security/sa0901.html
http://seclists.org/oss-sec/2011/q4/59
https://www.cve.org/CVERecord?id=CVE-2011-3623