CVE-2011-1684

Current Description

Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.
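The record above gives only the one-sentence description and the reference links; it does not reproduce the vulnerable code or the fix at the linked commit. The block below is an added illustration (not VLC's libmp4.c, not the patch) of the two checks a box reader in an MP4 demuxer needs to avoid this bug class: the destination structure must be allocated with the size of the box type actually being read, and the box's declared size must cover every field before that field is read. The box type "skcr" is taken from the function name in the description; the three-field payload layout and the field names init, encr and decr are assumptions for illustration only. The sample boxes are constructed inline, not taken from a real file.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Illustrative MP4 box reader, not VLC's libmp4.c. Box layout follows the
 * generic ISO base media file format header: a 4-byte big-endian size that
 * covers the header itself, then a 4-byte type code, then the payload. */

struct box_header {
    uint32_t size;          /* total box size including the 8-byte header */
    char     type[4];       /* four-character code, e.g. "skcr" */
};

/* Payload of an "skcr" box: three 32-bit fields. The layout and names are
 * assumed for illustration and do not claim to match the VLC structure. */
struct skcr_data {
    uint32_t init;
    uint32_t encr;
    uint32_t decr;
};
#define SKCR_PAYLOAD_LEN 12u   /* three 4-byte fields */

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse a box header. Returns 0 on success, -1 if the buffer is too short
 * or the declared size is inconsistent with it (smaller than the header or
 * larger than the data actually available). */
int parse_box_header(const uint8_t *buf, size_t len, struct box_header *hdr)
{
    if (len < 8)
        return -1;
    hdr->size = read_be32(buf);
    memcpy(hdr->type, buf + 4, 4);
    if (hdr->size < 8 || hdr->size > len)
        return -1;
    return 0;
}

/* Read the skcr payload into a structure sized for the skcr box. Every
 * field read must be covered by the payload length the header declares;
 * a truncated box is rejected instead of being read past its end. */
int read_skcr(const uint8_t *payload, size_t payload_len, struct skcr_data *out)
{
    if (payload_len < SKCR_PAYLOAD_LEN)
        return -1;
    out->init = read_be32(payload);
    out->encr = read_be32(payload + 4);
    out->decr = read_be32(payload + 8);
    return 0;
}

/* Handle one box held in memory. The destination is allocated with the
 * size of the struct for the box type being read: allocating a smaller
 * struct and then storing a larger box type's fields into it is the way a
 * heap overflow arises in a reader of this shape. Returns a heap-allocated
 * skcr_data on success, NULL on any error (caller frees). */
struct skcr_data *demux_skcr_box(const uint8_t *buf, size_t len)
{
    struct box_header hdr;
    struct skcr_data *d;

    if (parse_box_header(buf, len, &hdr) != 0)
        return NULL;
    if (memcmp(hdr.type, "skcr", 4) != 0)
        return NULL;

    d = calloc(1, sizeof(*d));
    if (d == NULL)
        return NULL;
    if (read_skcr(buf + 8, hdr.size - 8, d) != 0) {
        free(d);
        return NULL;
    }
    return d;
}

/* Constructed sample boxes (not captured from a real file). */
static const uint8_t good_box[20] = {
    0x00,0x00,0x00,0x14, 's','k','c','r',      /* size 20, type skcr */
    0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x02, 0x00,0x00,0x00,0x03 };
static const uint8_t short_box[12] = {
    0x00,0x00,0x00,0x0c, 's','k','c','r',      /* size 12: only 4 payload bytes */
    0x00,0x00,0x00,0x01 };
static const uint8_t oversize_box[12] = {
    0x00,0x00,0x00,0x40, 's','k','c','r',      /* claims 64 bytes, buffer has 12 */
    0x00,0x00,0x00,0x01 };

int main(void)
{
    struct skcr_data *d = demux_skcr_box(good_box, sizeof good_box);
    printf("good box: %s\n", d ? "parsed" : "rejected");
    if (d) {
        printf("  init=%u encr=%u decr=%u\n",
               (unsigned)d->init, (unsigned)d->encr, (unsigned)d->decr);
        free(d);
    }
    printf("short box: %s\n",
           demux_skcr_box(short_box, sizeof short_box) ? "parsed" : "rejected");
    printf("oversize box: %s\n",
           demux_skcr_box(oversize_box, sizeof oversize_box) ? "parsed" : "rejected");
    return 0;
}
```

Two failure modes of a crafted file are covered: a box whose declared size is shorter than the fields the reader expects (the truncated box) and a box whose declared size exceeds the data actually present (the oversize box). Both are rejected before any field is read, and the destination is always sized from the struct for the box type being parsed.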

Basic Data

Published: May 03, 2011
Last Modified: September 19, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Integrity Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    CPE Version: 2.3
    Part: Application
    Vendor: Videolan
    Product: Vlc Media Player
    Update, Edition, Language, SW Edition, Target SW, Target HW, Other: * (any) for every entry
    Version Start/End Including, Version Start/End Excluding: not set (each version is listed explicitly)
    Versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.6.1, 1.1.7, 1.1.8

Vulnerable Software List

Vendor: Videolan
Product: Vlc Media Player
Versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.6.1, 1.1.7, 1.1.8

References

Name | Source | URL | Tags
http://git.videolan.org/?p=vlc.git;a=commit;h=5637ca8141bf39f263ecdb62035d2cb45c740821 | CONFIRM | http://git.videolan.org/?p=vlc.git;a=commit;h=5637ca8141bf39f263ecdb62035d2cb45c740821 | Patch
[oss-security] 20110412 CVE id request: vlc | MLIST | http://openwall.com/lists/oss-security/2011/04/11/17 | Patch
[oss-security] 20110413 Re: CVE id request: vlc | MLIST | http://openwall.com/lists/oss-security/2011/04/13/14 | Patch
[oss-security] 20110413 Re: CVE id request: vlc | MLIST | http://openwall.com/lists/oss-security/2011/04/13/17 | (none)
43890 | SECUNIA | http://secunia.com/advisories/43890 | Vendor Advisory
44022 | SECUNIA | http://secunia.com/advisories/44022 | Vendor Advisory
1025373 | SECTRACK | http://securitytracker.com/id?1025373 | (none)
DSA-2218 | DEBIAN | http://www.debian.org/security/2011/dsa-2218 | (none)
47293 | BID | http://www.securityfocus.com/bid/47293 | (none)
http://www.videolan.org/security/sa1103.html | CONFIRM | http://www.videolan.org/security/sa1103.html | Patch, Vendor Advisory
ADV-2011-0916 | VUPEN | http://www.vupen.com/english/advisories/2011/0916 | Vendor Advisory
ADV-2011-0954 | VUPEN | http://www.vupen.com/english/advisories/2011/0954 | Vendor Advisory
vlcmediaplayer-mp4readboxskcr-bo(66664) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/66664 | (none)
oval:org.mitre.oval:def:14741 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14741 | (none)