New Search

Heap based memory corruption vulnerability in "StripTags()" function within the USF and Text subtitles decoders in VideoLAN VLC Media Player 1.1 before 1.1.6

oval:org.mitre.oval:def:12414

The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file which triggers heap memory corruption as demonstrated using refined-australia-blu720p-sample.mkv.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 7
  • Microsoft Windows Vista
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008
  • Microsoft Windows XP
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2011-0522
Product(s):
  • VLC Media Player