{
  "modified": "2025-08-09T19:01:28Z",
  "published": "2011-05-03T20:55:11Z",
  "id": "CVE-2011-1684",
  "details": "Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/43890"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/44022"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.debian.org/security/2011/dsa-2218"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.videolan.org/security/sa1103.html"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.vupen.com/english/advisories/2011/0916"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.vupen.com/english/advisories/2011/0954"
    },
    {
      "type": "FIX",
      "url": "http://openwall.com/lists/oss-security/2011/04/11/17"
    },
    {
      "type": "FIX",
      "url": "http://openwall.com/lists/oss-security/2011/04/13/14"
    },
    {
      "type": "FIX",
      "url": "http://www.videolan.org/security/sa1103.html"
    },
    {
      "type": "WEB",
      "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=5637ca8141bf39f263ecdb62035d2cb45c740821"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/04/13/17"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1025373"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/47293"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66664"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14741"
    }
  ]
}