CVE-2008-4686

Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*

History

21 Nov 2024, 00:52

Type Values Removed Values Added
References () http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3 - () http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3 -
References () http://www.openwall.com/lists/oss-security/2008/10/19/2 - () http://www.openwall.com/lists/oss-security/2008/10/19/2 -
References () http://www.openwall.com/lists/oss-security/2008/10/22/6 - () http://www.openwall.com/lists/oss-security/2008/10/22/6 -
References () http://www.securityfocus.com/bid/31867 - () http://www.securityfocus.com/bid/31867 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630 -

07 Nov 2023, 02:02

Type Values Removed Values Added
References
  • {'url': 'http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3', 'name': 'http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3', 'tags': [], 'refsource': 'CONFIRM'}
  • () http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3 -

Information

Published : 2008-10-22 18:00

Updated : 2024-11-21 00:52


NVD link : CVE-2008-4686

Mitre link : CVE-2008-4686

CVE.ORG link : CVE-2008-4686


JSON object : View

Products Affected

videolan

  • vlc_media_player
CWE
CWE-189

Numeric Errors