CVE-2011-1684

EPSS 4.9%

vlc - heap-based buffer overflow

Published: 5/3/2011Modified: 4/28/2026

Also known as:DEBIAN-CVE-2011-1684

Description

Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.

Affected packages (2)

Debian/vlcfrom 0, < 1.1.8-3
Debian/vlcfrom 0, < 1.1.3-1squeeze5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-1684