VLC Media Player < 1.1.10 XSPF Playlist Parser Integer Overflow

High Log Correlation Engine Plugin ID 801174


The remote host contains an application that allows arbitrary code execution.


The remote host contains VLC player, a multi-media application.

Versions of VLC media player earlier than 1.1.10 are potentially affected by an integer overflow in the XSPF playlist parser. Exploiting this vulnerability can lead to application crashes and possibly code execution.


Upgrade to VLC Media Player version 1.1.10 or later.

See Also



Plugin Details

Severity: High

ID: 801174

File Name: 801174.prm

Family: Web Clients

Published: 2011/06/09

Nessus ID: 55024

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2011/06/06

Vulnerability Publication Date: 2011/06/07

Reference Information

CVE: CVE-2011-2194

BID: 48171