Published: 25/04/2008 Updated: 29/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple integer overflows in VLC prior to 0.8.6f allow remote malicious users to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
videolan vlc 0.1.99f
videolan vlc 0.1.99g
videolan vlc 0.2.62
videolan vlc 0.2.63
videolan vlc 0.1.99
videolan vlc 0.1.99a
videolan vlc 0.1.99h
videolan vlc 0.1.99i
videolan vlc 0.2.70
videolan vlc 0.2.71
videolan vlc 0.1.99d
videolan vlc 0.1.99e
videolan vlc 0.2.60
videolan vlc 0.2.61
videolan vlc 0.2.80
videolan vlc 0.2.81
videolan vlc 0.4.0
videolan vlc 0.4.1
videolan vlc 0.5.0
videolan vlc 0.5.1
videolan vlc 0.7.1
videolan vlc 0.7.2
videolan vlc 0.8.6
videolan vlc 0.8.6a
videolan vlc 0.1.99b
videolan vlc 0.1.99c
videolan vlc 0.2.0
videolan vlc 0.2.50
videolan vlc 0.2.72
videolan vlc 0.2.73
videolan vlc 0.3.0
videolan vlc 0.3.1
videolan vlc 0.4.5
videolan vlc 0.4.6
videolan vlc 0.6.2
videolan vlc 0.7.0
videolan vlc 0.8.4a
videolan vlc 0.8.5
videolan vlc 0.2.91
videolan vlc 0.2.92
videolan vlc 0.4.3_ac3
videolan vlc 0.4.4
videolan vlc 0.6.0
videolan vlc 0.6.1
videolan vlc 0.8.2
videolan vlc 0.8.4
videolan vlc 0.8.6d
videolan vlc 0.8.6e
videolan vlc 0.2.82
videolan vlc 0.2.83
videolan vlc 0.2.90
videolan vlc 0.4.2
videolan vlc 0.4.3
videolan vlc 0.5.2
videolan vlc 0.5.3
videolan vlc 0.8.0
videolan vlc 0.8.1
videolan vlc 0.8.1337
videolan vlc 0.8.6b
videolan vlc 0.8.6c

Debian Bug report logs - #489004 vlc: CVE-2008-2430 heap overflow in wav fmt chunk parsing Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vlc is src:vlc (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Wed, 2 Jul 2008 17:21:07 U ...

Debian Bug report logs - #478140 vlc: CVE-2008-1768, CVE-2008-1769 multiple security issues Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vlc is src:vlc (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Sun, 27 Apr 2008 13:45:02 ...

Debian Bug report logs - #477805 vlc: CVE-2008-1881 stack-based buffer overflow in subtitle parsing Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vlc is src:vlc (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Fri, 25 Apr 2008 1 ...

Several vulnerabilities have been discovered in vlc, a multimedia player and streamer The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1768 Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code CVE-2008-1769 Dr ...

CWE-119 http://security.gentoo.org/glsa/glsa-200804-25.xml http://www.videolan.org/developers/vlc/NEWS http://www.videolan.org/security/sa0803.php http://wiki.videolan.org/Changelog/0.8.6f http://www.securityfocus.com/bid/28903 http://secunia.com/advisories/29800 http://secunia.com/advisories/29503 http://www.vupen.com/english/advisories/2008/0985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489004 https://www.debian.org/security/./dsa-1819

CVE-2008-1768

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect