Lucene search

K
cve[email protected]CVE-2008-1881
HistoryApr 17, 2008 - 11:05 p.m.

CVE-2008-1881

2008-04-1723:05:00
CWE-119
web.nvd.nist.gov
35
cve-2008-1881
stack-based buffer overflow
parsessa function
vlc 0.8.6e
remote code execution
ssa file
incomplete fix

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.25 Low

EPSS

Percentile

96.7%

Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.

Affected configurations

NVD
Node
videolanvlcMatch0.8.6e
CPENameOperatorVersion
videolan:vlcvideolan vlceq0.8.6e

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.25 Low

EPSS

Percentile

96.7%