Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0531 — Improper Input Validation in VLC Media Player

CWE-20 — Improper Input Validation6 documents6 sources

Severity

9.3CRITICALNVD

EPSS

73.3%

top 1.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Videolan VLC Media Player

Timeline

PublishedFeb 7

Latest updateMay 17

Description

demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 1.1.7-1+3

▶NVDvideolan/vlc_media_player1.1.6.1+68

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: www.videolan.org ↗

🔴Vulnerability Details

GHSA

GHSA-w2cf-f7gp-7p29: demux/mkv/mkv↗2022-05-17

▶

OSV

CVE-2011-0531: demux/mkv/mkv↗2011-02-07

▶

CVEList

CVE-2011-0531: demux/mkv/mkv↗2011-02-07

▶

💥Exploits & PoCs

Exploit-DB

VideoLAN VLC Media Player 1.1.6 - 'MKV' Memory Corruption (Metasploit)↗2011-02-08

▶

📋Vendor Advisories

Debian

CVE-2011-0531: vlc - demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1...↗2011

▶