CVE-2011-0531
EPSS 73.3%vlc - missing input sanitising
發布日:2011/2/7修改日:2026/4/28
描述
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
受影響套件(2)
- Debian/vlcfrom 0, < 1.1.7-1
- Debian/vlcfrom 0, < 1.1.3-1squeeze3