CVE-2008-3732

Published: 20/08/2008 | Updated: 29/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Vulnerable Product

videolan vlc media player 0.8.6i

Vendor Advisories

Debian Bug report logs - #496265
vlc: buffer overflow in mms handling
Package: vlc
Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Source for vlc is src:vlc
Reported by: Nico Golde <nion@debian.org>
Date: Sun, 24 Aug 2008 00:21:01 UTC
Severity: grave T ...

Exploits

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Orange Bat advisory

Name : VLC 0.8.6i
Class : Heap overflow
Published : 2008-08-16
Credit : g_ (g_ # orange-bat # com)

Details

\modules\demux\tta.c

#define TTA_FRAMETIME 1.04489795918367346939
int i_seektable_size = 0, i; /* R ...