CVE-2011-0531
vlc - missing input sanitising
EPSS 73.3%
Description
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
How to fix CVE-2011-0531
To remediate CVE-2011-0531, upgrade the affected package to one of the fixed versions listed below.
- Debian/vlc—upgrade to 1.1.7-1 or later
- Debian/vlc—upgrade to 1.1.3-1squeeze3 or later
Is CVE-2011-0531 being exploited?
Likely — EPSS is 73.3%, placing CVE-2011-0531 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- Debian/vlc: from 0, < 1.1.7-1
- Debian/vlc: from 0, < 1.1.3-1squeeze3