Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2008-4654
Last Modified 27 Jan 2012 12:33:11
Published 21 Oct 2008 08:11:51
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4654

Summary

Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.

Vulnerable Systems

Application

  • Videolan Vlc Media Player 0.9

  • Videolan Vlc Media Player 0.9.1

  • Videolan Vlc Media Player 0.9.2

  • Videolan Vlc Media Player 0.9.3

  • Videolan Vlc Media Player 0.9.4


References

XF - vlcmediaplayer-ty-bo(45960)

VUPEN - ADV-2008-2856

CONFIRM - http://www.videolan.org/security/sa0809.html

MISC - http://www.trapkit.de/advisories/TKADV2008-010.txt

BID - 31813

BUGTRAQ - 20081020 [TKADV2008-010] VLC media player TiVo ty Processing Stack Overflow Vulnerability

MLIST - [oss-security] 20081019 CVE id request: vlc

SREASON - 4460

SECUNIA - 32339

CONFIRM - http://git.videolan.org/?p=vlc.git;a=commitdiff;h=26d92b87bba99b5ea2e17b7eaa39c462d65e9133

CONFIRM - http://git.videolan.org/?p=vlc.git;a=commit;h=fde9e1cc1fe1ec9635169fa071e42b3aa6436033

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726


Last Updated: 27 May 2016 10:48:34