Vulnerability Name: CVE-2011-0522 (CCN-65029)

Assigned: 2011-01-16
Published: 2011-01-16
Updated: 2017-09-19
Summary: The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2011-0522

Source: CCN
Type: VideoLAN GIT Repository
VideoLAN

Source: CONFIRM
Type: Patch
http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=tag;h=bb16813ddb61a53113c71bccc525559405785452

Source: CCN
Type: vlc-devel Mailing List, Sun Jan 16 11:58:17 CET 2011
Subtitle StripTags heap corruption, potentially exploitable. Patch included

Source: MLIST
Type: Patch
[vlc-devel] 20110116 Security: Subtitle StripTags heap corruption, potentially exploitable. Patch included

Source: MLIST
Type: UNKNOWN
[vlc-devel] 20110117 Security: Subtitle StripTags heap corruption, potentially exploitable. Patch included

Source: SREASON
Type: UNKNOWN
8064

Source: EXPLOIT-DB
Type: Exploit
16108

Source: MLIST
Type: Patch
[oss-security] 20110125 CVE Request: VLC Subtitle StripTags heap corruption

Source: MLIST
Type: Patch
[oss-security] 20110125 Re: CVE Request: VLC Subtitle StripTags heap corruption

Source: CCN
Type: OSVDB ID: 72905
VLC Media Player USF Decoder modules/codec/subtitles/subsdec.c StripTags Function MKV File Subtitle Arbitrary Code Execution

Source: CCN
Type: OSVDB ID: 72906
VLC Media Player Text Decoder modules/codec/subtitles/subsusf.c StripTags Function MKV File Subtitle Arbitrary Code Execution

Source: BID
Type: Exploit
46008

Source: CCN
Type: BID-46008
VLC Media Player Subtitle 'StripTags()' Function Memory Corruption Vulnerability

Source: CCN
Type: VideoLAN Web site
VideoLAN: Free Multimedia Solutions

Source: VUPEN
Type: Vendor Advisory
ADV-2011-0225

Source: XF
Type: UNKNOWN
vlcmediaplayer-usf-bo(65029)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:12414

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [02-03-2011]

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:12414 | V | Heap based memory corruption vulnerability in "StripTags()" function within the USF and Text subtitles decoders in VideoLAN VLC Media Player 1.1 before 1.1.6 | 2012-11-19
    videolan vlc media player 1.1.0
    videolan vlc media player 1.1.1
    videolan vlc media player 1.1.2
    videolan vlc media player 1.1.3
    videolan vlc media player 1.1.4
    videolan vlc media player 1.1.5
    videolan vlc media player 1.1.6
    videolan vlc media player 1.1.5