CVE-2011-0531

EPSS 73.3%

vlc - missing input sanitising

Published: 2/7/2011Modified: 4/28/2026

Also known as:DEBIAN-CVE-2011-0531

Description

demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.

Affected packages (2)

Debian/vlcfrom 0, < 1.1.7-1
Debian/vlcfrom 0, < 1.1.3-1squeeze3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-0531