CVE-2008-4654

2008-10-2200:11:51

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-4654

stack-based buffer overflow

vlc media player

ty demux plugin

nvd

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.753 High

EPSS

Percentile

98.2%

JSON

Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.

Affected configurations

NVD

Node

videolanvlc_media_playerMatch0.9

videolanvlc_media_playerMatch0.9.1

videolanvlc_media_playerMatch0.9.2

videolanvlc_media_playerMatch0.9.3

videolanvlc_media_playerMatch0.9.4

CPENameOperatorVersion
videolan:vlc_media_playervideolan vlc media playereq0.9
videolan:vlc_media_playervideolan vlc media playereq0.9.1
videolan:vlc_media_playervideolan vlc media playereq0.9.2
videolan:vlc_media_playervideolan vlc media playereq0.9.3
videolan:vlc_media_playervideolan vlc media playereq0.9.4

CPE	Name	Operator	Version
videolan:vlc_media_player	videolan vlc media player	eq	0.9
videolan:vlc_media_player	videolan vlc media player	eq	0.9.1
videolan:vlc_media_player	videolan vlc media player	eq	0.9.2
videolan:vlc_media_player	videolan vlc media player	eq	0.9.3
videolan:vlc_media_player	videolan vlc media player	eq	0.9.4