ID CVE-2008-4686
Summary Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
References
Vulnerable Configurations
  • cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 29-09-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2012-11-19T04:00:15.414-05:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment VLC media player is installed
oval oval:org.mitre.oval:def:11821
description Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
family windows
id oval:org.mitre.oval:def:14630
status accepted
submitted 2012-01-24T15:20:33.178-04:00
title Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player
version 6
refmap via4
bid 31867
confirm http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3
mlist
  • [oss-security] 20081019 CVE id request: vlc
  • [oss-security] 20081022 Re: CVE id request: vlc
Last major update 29-09-2017 - 01:32
Published 22-10-2008 - 18:00
Back to Top