Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2008-1489

Published: 25/03/2008 Updated: 29/09/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Vlc

Vulnerability Summary

Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.

Vulnerable Product Search on Vulmon Subscribe to Product

videolan vlc 0.8.6e

Vendor Advisories

Debian CVElist Bug Report Logs: vlc: CVE-2008-2430 heap overflow in wav fmt chunk parsing
Debian Bug report logs - #489004 vlc: CVE-2008-2430 heap overflow in wav fmt chunk parsing Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vlc is src:vlc (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Wed, 2 Jul 2008 17:21:07 U ...
Debian CVElist Bug Report Logs: vlc: CVE-2008-0073 code execution via crafted rtsp stream
Debian Bug report logs - #473057 vlc: CVE-2008-0073 code execution via crafted rtsp stream Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vlc is src:vlc (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Fri, 28 Mar 2008 01:18:01 U ...
Debian CVElist Bug Report Logs: vlc CVE-2008-1489: integer overflow leading to heap overflow
Debian Bug report logs - #472635 vlc CVE-2008-1489: integer overflow leading to heap overflow Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vlc is src:vlc (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Tue, 25 Mar 2008 13:27:0 ...

Exploits

Exploit DB: Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
#!/usr/bin/python # # Kantaris 034 Media Player Local Buffer Overflow [0day!] # # The following exploit will make a filmssa file, # just rename the file with the name of your movie, and use your imagination # to pwn! :) # Shellcode is local bind shell, just telnet to port:4444 to get command prompt :) # # BIG thanks to muts <muts[at]offensi ...

References

CWE-189http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0ahttp://secunia.com/advisories/29503http://www.debian.org/security/2008/dsa-1543http://secunia.com/advisories/29766http://security.gentoo.org/glsa/glsa-200804-25.xmlhttp://wiki.videolan.org/Changelog/0.8.6fhttp://www.videolan.org/security/sa0803.phphttp://secunia.com/advisories/29800http://www.vupen.com/english/advisories/2008/0985http://www.securityfocus.com/bid/28433https://exchange.xforce.ibmcloud.com/vulnerabilities/41412https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489004https://www.exploit-db.com/exploits/5498/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook