Launchpad.net

CVE 2011-2588

Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.

Related bugs and status

CVE-2011-2588 (Candidate) is related to these bugs:

Bug #807486: vlc: RealMedia demuxer integer overflow

		In	Importance	Status
807486	vlc: RealMedia demuxer integer overflow	vlc (Ubuntu)	Undecided	Fix Released
807486	vlc: RealMedia demuxer integer overflow	VLC media player	Critical	Fix Released
807486	vlc: RealMedia demuxer integer overflow	vlc (Debian)	Unknown	Fix Released
807486	vlc: RealMedia demuxer integer overflow	vlc (Ubuntu Maverick)	Undecided	Fix Released
807486	vlc: RealMedia demuxer integer overflow	vlc (Ubuntu Natty)	Undecided	Fix Released

Bug #807488: vlc: AVI demuxer integer overflow

		In	Importance	Status
807488	vlc: AVI demuxer integer overflow	vlc (Ubuntu)	Undecided	Fix Released
807488	vlc: AVI demuxer integer overflow	VLC media player	Critical	Fix Released
807488	vlc: AVI demuxer integer overflow	vlc (Debian)	Unknown	Fix Released
807488	vlc: AVI demuxer integer overflow	vlc (Ubuntu Lucid)	Undecided	Fix Released
807488	vlc: AVI demuxer integer overflow	vlc (Ubuntu Maverick)	Undecided	Fix Released
807488	vlc: AVI demuxer integer overflow	vlc (Ubuntu Natty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-2588

Related bugs and status

Related bugs

References