CVE-2011-1087 — Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

7.6HIGHNVD

EPSS

9.1%

top 7.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player

Timeline

PublishedMay 3

Latest updateMay 17

Description

Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 1.1.10-1+3

▶NVDvideolan/vlc_media_player1.0.5

🔴Vulnerability Details

GHSA

GHSA-qvq4-69gg-r8gx: Buffer overflow in VideoLAN VLC media player 1↗2022-05-17

▶

OSV

CVE-2011-1087: Buffer overflow in VideoLAN VLC media player 1↗2011-05-03

▶

CVEList

CVE-2011-1087: Buffer overflow in VideoLAN VLC media player 1↗2011-05-03

▶

📋Vendor Advisories

Debian

CVE-2011-1087: vlc - Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote a...↗2011

▶