CVE-2008-4654 – VideoLAN VLC Media Player 0.9.4 - TiVo Buffer Overflow

https://notcve.org/view.php?id=CVE-2008-4654

Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. Desbordamiento de búfer basado en pila en la función parse_master en el plugin modules/demux/ty.c) en VLC Media Player v0.9.0 a la 0.9.4, permite a atacantes remotos ejecutar código de su elección a través de un archivo TiVo TY con una cabecera que contiene un valor de tamaño manipulado. • https://www.exploit-db.com/exploits/16629 https://www.exploit-db.com/exploits/6798 https://www.exploit-db.com/exploits/6825 https://github.com/KernelErr/VLC-CVE-2008-4654-Exploit https://github.com/rnnsz/CVE-2008-4654 https://github.com/bongbongco/CVE-2008-4654 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726 http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fde9e1cc1fe1ec9635169fa071e42b3aa6436033 http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=26d92b87bba99b5ea2e17b7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •