CVE-2011-0522

The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
videolanvlc_media_player
1.1.0
videolanvlc_media_player
1.1.1
videolanvlc_media_player
1.1.2
videolanvlc_media_player
1.1.3
videolanvlc_media_player
1.1.4
videolanvlc_media_player
1.1.5
videolanvlc_media_player
1.1.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vlc
bullseye (security)
3.0.21-0+deb11u1
fixed
bullseye
3.0.21-0+deb11u1
fixed
bookworm
3.0.21-0+deb12u1
fixed
bookworm (security)
3.0.21-0+deb12u1
fixed
sid
3.0.21-2
fixed
trixie
3.0.21-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vlc
natty
not-affected
maverick
Fixed 1.1.4-1ubuntu1.3
released
lucid
Fixed 1.0.6-1ubuntu1.4
released
karmic
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git%3Ba=tag%3Bh=bb16813ddb61a53113c71bccc525559405785452
http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078607.html
http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078614.html
http://securityreason.com/securityalert/8064
http://www.exploit-db.com/exploits/16108
http://www.openwall.com/lists/oss-security/2011/01/25/7
http://www.openwall.com/lists/oss-security/2011/01/25/9
http://www.securityfocus.com/bid/46008
http://www.vupen.com/english/advisories/2011/0225
https://exchange.xforce.ibmcloud.com/vulnerabilities/65029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12414
http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git%3Ba=tag%3Bh=bb16813ddb61a53113c71bccc525559405785452
http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078607.html
http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078614.html
http://securityreason.com/securityalert/8064
http://www.exploit-db.com/exploits/16108
http://www.openwall.com/lists/oss-security/2011/01/25/7
http://www.openwall.com/lists/oss-security/2011/01/25/9
http://www.securityfocus.com/bid/46008
http://www.vupen.com/english/advisories/2011/0225
https://exchange.xforce.ibmcloud.com/vulnerabilities/65029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12414