Lucene search

[email protected]CVE-2008-0295

HistoryJan 16, 2008 - 10:00 p.m.

CVE-2008-0295

2008-01-1622:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-0295

buffer overflow

xine library

denial of service

remote execution

sdp

videolan vlc media player

nvd

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.046 Low

EPSS

Percentile

92.6%

JSON

Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.

Affected configurations

NVD

Node

videolanvlc_media_playerRange≤0.8.6d

CPENameOperatorVersion
videolan:vlc_media_playervideolan vlc media playerle0.8.6d

CPE	Name	Operator	Version
videolan:vlc_media_player	videolan vlc media player	le	0.8.6d

References

aluigi.altervista.org/adv/vlcxhof-adv.txt

secunia.com/advisories/28383

secunia.com/advisories/29284

secunia.com/advisories/29766

www.debian.org/security/2008/dsa-1543

www.gentoo.org/security/en/glsa/glsa-200803-13.xml

www.securityfocus.com/bid/27221

www.vupen.com/english/advisories/2008/0105

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.046 Low

EPSS

Percentile

92.6%

JSON

Related for CVE-2008-0295

prion1 ubuntucve1 nvd1 debiancve1 cvelist1 gentoo1 openvas4 nessus2 debian1 osv1