CVE-2008-4654
VideoLAN VLC Media Player 0.9.4 - TiVo Buffer Overflow
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
7
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
Desbordamiento de búfer basado en pila en la función parse_master en el plugin modules/demux/ty.c) en VLC Media Player v0.9.0 a la 0.9.4, permite a atacantes remotos ejecutar código de su elección a través de un archivo TiVo TY con una cabecera que contiene un valor de tamaño manipulado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-10-21 CVE Reserved
- 2008-10-21 CVE Published
- 2008-10-21 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (19)
URL | Tag | Source |
---|---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726 | X_refsource_confirm | |
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fde9e1cc1fe1ec9635169fa071e42b3aa6436033 | X_refsource_confirm | |
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=26d92b87bba99b5ea2e17b7eaa39c462d65e9133 | X_refsource_confirm | |
http://securityreason.com/securityalert/4460 | Third Party Advisory | |
http://www.openwall.com/lists/oss-security/2008/10/19/2 | Mailing List | |
http://www.securityfocus.com/archive/1/497587/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/31813 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/2856 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/45960 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14803 | Signature |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/16629 | 2011-02-02 | |
https://www.exploit-db.com/exploits/6798 | 2008-10-21 | |
https://www.exploit-db.com/exploits/6825 | 2008-10-23 | |
https://github.com/KernelErr/VLC-CVE-2008-4654-Exploit | 2017-08-18 | |
https://github.com/rnnsz/CVE-2008-4654 | 2021-05-31 | |
https://github.com/bongbongco/CVE-2008-4654 | 2017-07-02 | |
http://www.trapkit.de/advisories/TKADV2008-010.txt | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/32339 | 2023-11-07 | |
http://www.videolan.org/security/sa0809.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Videolan Search vendor "Videolan" | Vlc Media Player Search vendor "Videolan" for product "Vlc Media Player" | 0.9 Search vendor "Videolan" for product "Vlc Media Player" and version "0.9" | - |
Affected
| ||||||
Videolan Search vendor "Videolan" | Vlc Media Player Search vendor "Videolan" for product "Vlc Media Player" | 0.9.1 Search vendor "Videolan" for product "Vlc Media Player" and version "0.9.1" | - |
Affected
| ||||||
Videolan Search vendor "Videolan" | Vlc Media Player Search vendor "Videolan" for product "Vlc Media Player" | 0.9.2 Search vendor "Videolan" for product "Vlc Media Player" and version "0.9.2" | - |
Affected
| ||||||
Videolan Search vendor "Videolan" | Vlc Media Player Search vendor "Videolan" for product "Vlc Media Player" | 0.9.3 Search vendor "Videolan" for product "Vlc Media Player" and version "0.9.3" | - |
Affected
| ||||||
Videolan Search vendor "Videolan" | Vlc Media Player Search vendor "Videolan" for product "Vlc Media Player" | 0.9.4 Search vendor "Videolan" for product "Vlc Media Player" and version "0.9.4" | - |
Affected
|