CVE-2011-0531 - VLC - MKV improper input validation
Christophe Mutricy
xtophe at chewa.net
Mon Feb 7 23:17:00 UTC 2011
Hello,
Dan Rosenberg has discovered that improper input validation in the MKV
(and WebM) demux module could lead to corrupt memory and arbitrary code
execution. A PoC MKV targeted at Windows makes it possible to start calc.exe.
(CVE-2011-0531, VideoLAN-SA-1102[1])
VLC 1.1.7 fixes this issue.
I have taken the upstream patch and prepared an upload in our git[2] in
the squeeze branch.
Also attached is a debdiff.
Regards
[1] http://www.videolan.org/security/sa1102.html
[2] git://git.debian.org/pkg-multimedia/vlc.git
--
Xtophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vlc_1.1.3-1squeeze2_1.1.3-1squeeze3.diff
Type: text/x-diff
Size: 2378 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20110208/5226ed92/attachment.diff>