Lucene search
Ubuntu.comUB:CVE-2008-3794HistoryAug 26, 2008 - 12:00 a.m.
CVE-2008-3794
2008-08-2600:00:00
ubuntu.com
ubuntu.com
12
0.152 Low
EPSS
Percentile
95.8%
Integer signedness error in the mms_ReceiveCommand function in
modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote
attackers to execute arbitrary code via a crafted mmst link with a negative
size value, which bypasses a size check and triggers an integer overflow
followed by a heap-based buffer overflow.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | PoC: http://www.milw0rm.com/exploits/6293 |
Related
debiancve
debiancve
CVE-2008-3794
2008-08-26 15:41:00
cve
cve
CVE-2008-3794
2008-08-26 15:41:00
prion
prion
Integer overflow
2008-08-26 15:41:00
cvelist
cvelist
CVE-2008-3794
2008-08-26 15:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200809-06 (vlc)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200809-06 (vlc)
2008-09-24 00:00:00
Debian Security Advisory DSA 1819-1 (vlc)
2009-06-23 00:00:00
securityvulns
securityvulns
[ GLSA 200809-06 ] VLC: Multiple vulnerabilities
2008-09-09 00:00:00
VLC Media Player integer overflow
2008-09-09 00:00:00
nessus
nessus
GLSA-200809-06 : VLC: Multiple vulnerabilities
2008-09-08 00:00:00
Debian DSA-1819-1 : vlc - several vulnerabilities
2009-06-19 00:00:00
gentoo
gentoo
VLC: Multiple vulnerabilities
2008-09-07 00:00:00
osv
osv
vlc - several vulnerabilities
2009-06-18 00:00:00
debian
debian
[SECURITY] [DSA 1819-1] New vlc packages fix several vulnerabilities
2009-06-18 13:14:01