Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2008-1489
Last Modified: 27 Jan 2012 12:32:39
Published: 24 Mar 2008 08:44:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-1489

Summary

Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.

Vulnerable Systems

Application

  • VideoLAN VLC 0.8.6e


References

XF - vlcmediaplayer-mp4readbox-rdrf-bo(41412)

VUPEN - ADV-2008-0985

BID - 28433

CONFIRM - http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

CONFIRM - http://www.videolan.org/security/sa0803.php

DEBIAN - DSA-1543

CONFIRM - http://wiki.videolan.org/Changelog/0.8.6f

GENTOO - GLSA-200804-25

SECUNIA - 29800

SECUNIA - 29766

SECUNIA - 29503


Last Updated: 27 May 2016 10:47:08