NVD Vulnerability Detail

CVE-2011-1087

Summary	Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.
Publication Date	May 4, 2011, 4:55 a.m.
Registration Date	Jan. 28, 2021, 4:38 p.m.
Last Update	Nov. 21, 2024, 10:25 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:videolan:vlc_media_player:1.0.5:::::::*

Related information, measures and tools

No	URL	タグ
1	http://openwall.com/lists/oss-security/2011/03/02/3
2	http://openwall.com/lists/oss-security/2011/03/03/8
3	http://openwall.com/lists/oss-security/2011/03/03/9
4	http://openwall.com/lists/oss-security/2011/03/28/7
5	http://secunia.com/advisories/38853	Vendor Advisory
6	http://www.osvdb.org/62728
7	http://www.securityfocus.com/bid/38569	Exploit
8	http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php	Exploit
9	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14532
10	http://openwall.com/lists/oss-security/2011/03/02/3
11	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14532
12	http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php	Exploit
13	http://www.securityfocus.com/bid/38569	Exploit
14	http://www.osvdb.org/62728
15	http://secunia.com/advisories/38853	Vendor Advisory
16	http://openwall.com/lists/oss-security/2011/03/28/7
17	http://openwall.com/lists/oss-security/2011/03/03/9
18	http://openwall.com/lists/oss-security/2011/03/03/8

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

VideoLAN VLC media player におけるバッファオーバーフローの脆弱性

Title	VideoLAN VLC media player におけるバッファオーバーフローの脆弱性
Summary	VideoLAN VLC media player には、バッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、ブックマーク作成時に再生される巧妙に細工された .mp3 ファイルを介して、サービス運用妨害 (メモリ破損およびアプリケーションクラッシュ) 状態になる、または任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 3, 2011, midnight
Registration Date	March 27, 2012, 6:43 p.m.
Last Update	March 27, 2012, 6:43 p.m.

Affected System

VideoLAN

VLC media player 1.0.5

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-1087	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1087
National Vulnerability Database (NVD)
2	CVE-2011-1087	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1087

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
VideoLAN
1	VLC media player	http://www.videolan.org/vlc/

Change Log

No	Changed Details	Date of change
0	[2012年03月27日] 掲載	Feb. 17, 2018, 10:37 a.m.