9.3

CVE-2008-4654

Exploit
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VideolanVlc Media Player Version0.9
VideolanVlc Media Player Version0.9.1
VideolanVlc Media Player Version0.9.2
VideolanVlc Media Player Version0.9.3
VideolanVlc Media Player Version0.9.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 57.55% 0.99
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fde9e1cc1fe1ec9635169fa071e42b3aa6436033
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=26d92b87bba99b5ea2e17b7eaa39c462d65e9133
http://secunia.com/advisories/32339
Vendor Advisory
http://securityreason.com/securityalert/4460
http://www.openwall.com/lists/oss-security/2008/10/19/2
http://www.securityfocus.com/archive/1/497587/100/0/threaded
http://www.securityfocus.com/bid/31813
http://www.trapkit.de/advisories/TKADV2008-010.txt
Exploit
http://www.videolan.org/security/sa0809.html
Vendor Advisory
http://www.vupen.com/english/advisories/2008/2856
https://exchange.xforce.ibmcloud.com/vulnerabilities/45960
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14803