CVE-2008-4686
VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow
Severity Score: 9.3 (CVSS v2)
Public Exploits: 2 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
*Credits:
N/A
Timeline
- 2008-10-21 First Exploit
- 2008-10-22 CVE Reserved
- 2008-10-22 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-28 EPSS Updated
CWE
- CWE-189: Numeric Errors
References (7)
URL | Tag | Source |
---|---|---|
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3 | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2008/10/19/2 | Mailing List | |
http://www.openwall.com/lists/oss-security/2008/10/22/6 | Mailing List | |
http://www.securityfocus.com/bid/31867 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630 | Signature |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/6798 | 2008-10-21 | |
https://www.exploit-db.com/exploits/6825 | 2008-10-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Videolan | Vlc Media Player | 0.9.0 | - | Affected |
Videolan | Vlc Media Player | 0.9.1 | - | Affected |
Videolan | Vlc Media Player | 0.9.2 | - | Affected |
Videolan | Vlc Media Player | 0.9.3 | - | Affected |
Videolan | Vlc Media Player | 0.9.4 | - | Affected |