Debian Security Advisory
DSA-2257-1 vlc -- heap-based buffer overflow
- Date Reported:
- 10 Jun 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-2194.
- More information:
Rocco Calvi discovered that the XSPF playlist parser of VLC, a multimedia player and streamer, is prone to an integer overflow resulting in a heap-based buffer overflow. This might allow an attacker to execute arbitrary code by tricking a victim into opening a specially crafted file.
The oldstable distribution (lenny) is not affected by this problem.
For the stable distribution (squeeze), this problem has been fixed in version 1.1.3-1squeeze6.
For the testing (wheezy) and unstable (sid) distributions, this problem will be fixed soon.
We recommend that you upgrade your vlc packages.