Lucene search

PRIOn knowledge basePRION:CVE-2008-4686

HistoryOct 22, 2008 - 6:00 p.m.

Integer overflow

2008-10-2218:00:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

High

0.753 High

EPSS

Percentile

98.2%

JSON

Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.

CPENameOperatorVersion
vlc_media_playereq0.9.0
vlc_media_playereq0.9.4
vlc_media_playereq0.9.1
vlc_media_playereq0.9.2
vlc_media_playereq0.9.3

Name	Operator	Version
vlc_media_player	eq	0.9.0
vlc_media_player	eq	0.9.4
vlc_media_player	eq	0.9.1
vlc_media_player	eq	0.9.2
vlc_media_player	eq	0.9.3

References

git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3

www.openwall.com/lists/oss-security/2008/10/19/2

www.openwall.com/lists/oss-security/2008/10/22/6

www.securityfocus.com/bid/31867

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630