CVE-2011-2194
Published 2011-06-24
Priority P350 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 9.18% (94.7th percentile)
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.
Affected
45 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 1.1.10-1 (bookworm) | vlc 1.1.10-1 (bookworm) |
| videolan | vlc_media_player | — | — |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
osv · 9.3 · CRITICAL
vendor_debian · 9.3 · CRITICAL
GHSA
GHSA-8w7r-2fqh-wwx8 · CVE-2011-2194 [HIGH]
ghsa_unreviewed · 2022-05-17
OSV
CVE-2011-2194 [CRITICAL]
osv · 2011-06-24 · CVSS 9.3
Debian
CVE-2011-2194 [CRITICAL] · vlc
vendor_debian · 2011 · CVSS 9.3
Scope: local
bookworm: resolved (fixed in 1.1.10-1)
bullseye: resolved (fixed in 1.1.10-1)
forky: resolved (fixed in 1.1.10-1)
sid: resolved (fixed in 1.1.10-1)
trixie: resolved (fixed in 1.1.10-1)
http://secunia.com/advisories/44892
http://www.debian.org/security/2011/dsa-2257
http://www.securityfocus.com/bid/48171
http://www.videolan.org/security/sa1104.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14774