CVE-2011-1684
vlc - heap-based buffer overflow
EPSS 4.9%
Description
Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.
How to fix CVE-2011-1684
To remediate CVE-2011-1684, upgrade the affected package to a fixed version below.
- Debian/vlc—upgrade to 1.1.8-3 or later
- Debian/vlc—upgrade to 1.1.3-1squeeze5 or later
Is CVE-2011-1684 being exploited?
Low — EPSS is 4.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.1.8-3
- from 0, < 1.1.3-1squeeze5