CVE-2011-2588

Опубликовано: 27 июл. 2011

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Уязвимость переполнения буфера в функции AVI_ChunkRead_strf медиаплеера VideoLAN VLC через специально созданный AVI файл

Описание

В функции AVI_ChunkRead_strf в файле libavi.c, используемой в AVI демультиплексоре медиаплеера VideoLAN VLC, обнаружена уязвимость переполнения буфера в куче. Эта уязвимость позволяет злоумышленникам вызвать DoS атаку (аварийное завершение работы приложения) или даже выполнить произвольный код посредством специально созданного AVI медиафайла.

Затронутые версии ПО

VideoLAN VLC media player версии до 1.1.11.

Тип уязвимости

Удалённое выполнение кода и DoS атака

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*

Версия до 1.1.10.1 (включая)

cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:videolan:vlc_media_player:1.1.10:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02491

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2011-2588

ubuntu

больше 14 лет назад

Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.

CVE-2011-2588

debian

больше 14 лет назад

Heap-based buffer overflow in the AVI_ChunkRead_strf function in libav ...

GHSA-8vhx-fvcj-mfx3

github

больше 3 лет назад

EPSS

Процентиль: 85%

0.02491

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-119