CVE-2011-2588

Publication date 27 July 2011

Last updated 24 July 2024

Ubuntu priority

Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
vlc	11.04 natty	Fixed 1.1.9-1ubuntu1.3
	10.10 maverick	Fixed 1.1.4-1ubuntu1.7
	10.04 LTS lucid	Fixed 1.0.6-1ubuntu1.8
	8.04 LTS hardy	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2011-2588