Home

CVE-2011-0522

Description

The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening < without a closing > in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.

Risk Information

Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
66.39

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in VLC Media Player (X64) 1.1.6Windows
Multiple vulnerabilities affected in VLC Media Player 1.1.6Windows
Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 1.1.0Windows
Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 1.1.1Windows
Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 1.1.2Windows
Multiple Vulnerabilities are affected in VLC media player (MSI) 1.1.0Windows
Multiple Vulnerabilities are affected in VLC media player (MSI) 1.1.1Windows
Multiple Vulnerabilities are affected in VLC media player (MSI) 1.1.2Windows
Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 1.1.3Windows
Multiple Vulnerabilities are affected in VLC media player (MSI) 1.1.3Windows
Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 1.1.4Windows
Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 1.1.5Windows
Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 1.1.6Windows
Multiple Vulnerabilities are affected in VLC media player (MSI) 1.1.4Windows
Multiple Vulnerabilities are affected in VLC media player (MSI) 1.1.5Windows
Multiple Vulnerabilities are affected in VLC media player (MSI) 1.1.6Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-339135VLC Media Player (X64) (3.0.21)
PATCH-339134VLC Media Player (3.0.21)
PATCH-334048VLC media player (MSI) (x64) (3.0.20.0)
PATCH-334048VLC media player (MSI) (x64) (3.0.20.0)
PATCH-334048VLC media player (MSI) (x64) (3.0.20.0)
PATCH-334050VLC media player (MSI) (3.0.20.0)
PATCH-334050VLC media player (MSI) (3.0.20.0)
PATCH-334050VLC media player (MSI) (3.0.20.0)
PATCH-334048VLC media player (MSI) (x64) (3.0.20.0)
PATCH-334050VLC media player (MSI) (3.0.20.0)
PATCH-334048VLC media player (MSI) (x64) (3.0.20.0)
PATCH-334048VLC media player (MSI) (x64) (3.0.20.0)
PATCH-334048VLC media player (MSI) (x64) (3.0.20.0)
PATCH-334050VLC media player (MSI) (3.0.20.0)
PATCH-334050VLC media player (MSI) (3.0.20.0)
PATCH-334050VLC media player (MSI) (3.0.20.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234