9.3 - CVE-2011-0531

Executive Summary

Informations
Name	CVE-2011-0531	First vendor Publication	2011-02-07
Vendor	Cve	Last vendor Modification	2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0531

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11992

Oval ID:	oval:org.mitre.oval:def:11992
Title:	DSA-2211-1 vlc -- missing input sanitising
Description:	Ricardo Narvaja discovered that missing input sanitising in VLC, a multimedia player and streamer, could lead to the execution of arbitrary code if a user is tricked into opening a malformed media file. This update also provides updated packages for oldstable for vulnerabilities, which have already been addressed in Debian stable , either during the freeze or in DSA-2159
Family:	unix	Class:	patch
Reference(s):	DSA-2211-1 CVE-2010-3275 CVE-2010-3276 CVE-2010-0522 CVE-2010-1441 CVE-2010-1442 CVE-2011-0531	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	vlc
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND vlc DPKG is earlier than 0.8.6.h-4+lenny3 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND Installed architecture is all AND vlc DPKG is earlier than 1.1.3-1squeeze4

Definition Id: oval:org.mitre.oval:def:12415

Oval ID:	oval:org.mitre.oval:def:12415
Title:	Denial of service vulnerability in the MKV demuxer plugin in VideoLAN VLC media player in VideoLAN VLC Media Player before 1.1.7
Description:	demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-0531	Version:	9
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP	Product(s):	VLC Media Player
Definition Synopsis:
VLC media player is installed AND Check the file libmkv_plugin.dll in plugin directory AND Check if VLC media player version is less than 1.1.7

Definition Id: oval:org.mitre.oval:def:12718

Oval ID:	oval:org.mitre.oval:def:12718
Title:	DSA-2159-1 vlc -- missing input sanitising
Description:	Dan Rosenberg discovered that insufficient input validation in VLC's processing of Matroska/WebM containers could lead to the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-2159-1 CVE-2011-0531	Version:	5
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	vlc
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND Installed architecture is all AND vlc DPKG is earlier than 1.1.3-1squeeze3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Videolan Vlc Media Player cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:::::::* cpe:2.3:a:videolan:vlc_media_player:1.1.6:::::::* cpe:2.3:a:videolan:vlc_media_player:1.1.5:::::::* cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:::::::* cpe:2.3:a:videolan:vlc_media_player:1.1.4:::::::* cpe:2.3:a:videolan:vlc_media_player:1.1.3:::::::* cpe:2.3:a:videolan:vlc_media_player:1.1.2:::::::* cpe:2.3:a:videolan:vlc_media_player:1.1.1:::::::* cpe:2.3:a:videolan:vlc_media_player:1.1.0:::::::* cpe:2.3:a:videolan:vlc_media_player:1.1.0:rc1:::::: cpe:2.3:a:videolan:vlc_media_player:1.0.6:::::::* cpe:2.3:a:videolan:vlc_media_player:1.0.5:::::::* cpe:2.3:a:videolan:vlc_media_player:1.0.4:::::::* cpe:2.3:a:videolan:vlc_media_player:1.0.3:::::::* cpe:2.3:a:videolan:vlc_media_player:1.0.2:::::::* cpe:2.3:a:videolan:vlc_media_player:1.0.1:::::::* cpe:2.3:a:videolan:vlc_media_player:1.0.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9.9a:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9.9:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9.8a:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9.8:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9.7:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9.6:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9.5:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9.4:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9.3:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9.2:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9.10:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9.1:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.9:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6i:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6h:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6g:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6f:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6e:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6d:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6c:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6b:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6a:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.5:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.5:test3:::::: cpe:2.3:a:videolan:vlc_media_player:0.8.5:test4:::::: cpe:2.3:a:videolan:vlc_media_player:0.8.4a:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.4:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.4:test2:::::: cpe:2.3:a:videolan:vlc_media_player:0.8.2:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.1337:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.1:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.7.2:::::::* cpe:2.3:a:videolan:vlc_media_player:0.7.2:test3:::::: cpe:2.3:a:videolan:vlc_media_player:0.7.2:test2:::::: cpe:2.3:a:videolan:vlc_media_player:0.7.1a:::::::* cpe:2.3:a:videolan:vlc_media_player:0.7.1:::::::* cpe:2.3:a:videolan:vlc_media_player:0.7.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.6.2:::::::* cpe:2.3:a:videolan:vlc_media_player:0.6.1:::::::* cpe:2.3:a:videolan:vlc_media_player:0.6.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.5.3:::::::* cpe:2.3:a:videolan:vlc_media_player:0.5.2:::::::* cpe:2.3:a:videolan:vlc_media_player:0.5.1a:::::::* cpe:2.3:a:videolan:vlc_media_player:0.5.1:::::::* cpe:2.3:a:videolan:vlc_media_player:0.5.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.6:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.5:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.4:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.3-ac3:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.3:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.2:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.1:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.3.1:::::::* cpe:2.3:a:videolan:vlc_media_player:0.3.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.92:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.91:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.90:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.83:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.82:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.81:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.80:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.73:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.72:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.71:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.70:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.63:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.62:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.61:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.60:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.50:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99i:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99h:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99g:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99f:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99e:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99d:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99c:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99b:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99a:::::::* cpe:2.3:a:videolan:vlc_media_player:::::::: cpe:2.3:a:videolan:vlc_media_player::::::iphone_os::* cpe:2.3:a:videolan:vlc_media_player::::::macos::* cpe:2.3:a:videolan:vlc_media_player:-:::::::*	105

SAINT Exploits

Description	Link
VideoLAN VLC Media Player MKV Demuxer Code Execution	More info here

OpenVAS Exploits

Date	Description
2011-05-12	Name : Debian Security Advisory DSA 2211-1 (vlc) File : nvt/deb_2211_1.nasl
2011-03-07	Name : Debian Security Advisory DSA 2159-1 (vlc) File : nvt/deb_2159_1.nasl
2011-03-05	Name : FreeBSD Ports: vlc File : nvt/freebsd_vlc4.nasl
2011-02-23	Name : VLC Media Player '.mkv' Code Execution Vulnerability (Linux) File : nvt/secpod_vlc_media_player_code_exec_vuln_lin.nasl
2011-02-23	Name : VLC Media Player '.mkv' Code Execution Vulnerability (Windows) File : nvt/secpod_vlc_media_player_code_exec_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
70698	VLC Media Player MKV Demuxer modules/demux/mkv/mkv.hpp MKV_IS_ID Macro Arbitr... VLC Media Player contains an input validation error within the 'MKV_IS_ID' macro in 'modules/demux/mkv/mkv.hpp' of the MKV demuxer. This may be exploited by a context-dependent attacker with a crafted MKV file to execute arbitrary code.

Snort® IPS/IDS

Date	Description
2014-01-10	VideoLAN VLC webm memory corruption attempt RuleID : 24283 - Revision : 5 - Type : FILE-MULTIMEDIA
2014-01-10	VideoLAN VLC webm memory corruption attempt RuleID : 20227 - Revision : 12 - Type : FILE-MULTIMEDIA

Nessus® Vulnerability Scanner

Date	Description
2014-11-06	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201411-01.nasl - Type : ACT_GATHER_INFO
2011-04-07	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2211.nasl - Type : ACT_GATHER_INFO
2011-02-11	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2159.nasl - Type : ACT_GATHER_INFO
2011-02-02	Name : The remote Windows host contains an media player that is affected by a code e... File : vlc_1_1_7.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=59491dcedffbf97612d2c572943...

Source	Url
BID	http://www.securityfocus.com/bid/46060
CONFIRM	http://www.videolan.org/security/sa1102.html
DEBIAN	http://www.debian.org/security/2011/dsa-2159
MLIST	http://www.openwall.com/lists/oss-security/2011/01/31/4 http://www.openwall.com/lists/oss-security/2011/01/31/8
OSVDB	http://osvdb.org/70698
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK	http://www.securitytracker.com/id?1025018
SECUNIA	http://secunia.com/advisories/43131 http://secunia.com/advisories/43242
VUPEN	http://www.vupen.com/english/advisories/2011/0363
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/65045

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-11-07 21:47:29	Multiple Updates
2023-03-03 12:12:02	Multiple Updates
2021-05-04 12:13:56	Multiple Updates
2021-04-22 01:15:05	Multiple Updates
2020-05-23 13:16:57	Multiple Updates
2020-05-23 01:43:48	Multiple Updates
2020-05-23 00:27:43	Multiple Updates
2019-07-19 12:00:50	Multiple Updates
2017-09-19 09:24:11	Multiple Updates
2017-08-17 09:23:17	Multiple Updates
2017-07-01 12:01:50	Multiple Updates
2016-06-28 18:31:54	Multiple Updates
2016-04-26 20:31:22	Multiple Updates
2014-11-07 13:26:10	Multiple Updates
2014-02-17 11:00:08	Multiple Updates
2014-01-19 21:27:29	Multiple Updates
2013-05-10 22:53:57	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	3
CPE ID(s)	105
Sources(s)	13
Saint Exploit(s)	1
osvdb(s)	1
Openvas Exploit(s)	5
Snort® Rule(s)	2
Nessus® Exploit(s)	4

	Related
9.3	GLSA-201411-01
9.3	DSA-2211
9.3	DSA-2159
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)