Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-2194 — Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-189 | 6 documents | 6 sources
Severity: 9.3 CRITICAL (NVD)
EPSS: 14.4% (top 5.55%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jun 24
Latest update: May 17

Description

Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (2 packages)

Debian: videolan/vlc_media_player < 1.1.10-1 (+3)
NVD: videolan/vlc_media_player, 40 versions (+39)

🔴Vulnerability Details (3)

GHSA: GHSA-8w7r-2fqh-wwx8: Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0 (2022-05-17)
OSV: CVE-2011-2194: Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0 (2011-06-24)
CVEList: CVE-2011-2194: Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0 (2011-06-24)

💥Exploits & PoCs (1)

Exploit-DB: VideoLAN VLC Media Player 1.1.9 - XSPF Playlist Local File Integer Overflow (2011-06-08)

📋Vendor Advisories (1)

Debian: CVE-2011-2194: vlc - Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 ... (2011)
CVE-2011-2194 — Videolan VLC Media Player vulnerability | cvebase