| Vulnerability Name: | CVE-2008-4654 (CCN-45960) |
| Assigned: | 2008-10-18 |
| Published: | 2008-10-18 |
| Updated: | 2018-10-11 |
| Summary: | Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C); 7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C); 5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C) |
| Vulnerability Type: | CWE-119 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: CONFIRM Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726 |
| | Source: MITRE Type: CNA CVE-2008-4654 |
| | Source: CONFIRM Type: UNKNOWN http://git.videolan.org/?p=vlc.git;a=commit;h=fde9e1cc1fe1ec9635169fa071e42b3aa6436033 |
| | Source: CCN Type: Linux kernel GIT Repository Fix (yet another) TiVo demux overflow. |
| | Source: CONFIRM Type: UNKNOWN http://git.videolan.org/?p=vlc.git;a=commitdiff;h=26d92b87bba99b5ea2e17b7eaa39c462d65e9133 |
| | Source: CCN Type: SA32339 VLC Media Player TY Processing Buffer Overflow Vulnerability |
| | Source: SECUNIA Type: Vendor Advisory 32339 |
| | Source: SREASON Type: UNKNOWN 4460 |
| | Source: MLIST Type: UNKNOWN [oss-security] 20081019 CVE id request: vlc |
| | Source: CCN Type: OSVDB ID: 49181 VLC Media Player modules/demux/ty.c parse_master Function TY File Handling Overflow |
| | Source: CCN Type: OSVDB ID: 49453 VLC Media Player TY Demux Plugin ty.c Crafted TY File Handling Overflow |
| | Source: BUGTRAQ Type: UNKNOWN 20081020 [TKADV2008-010] VLC media player TiVo ty Processing Stack Overflow Vulnerability |
| | Source: BID Type: UNKNOWN 31813 |
| | Source: CCN Type: BID-31813 VLC Media Player TY File Stack Based Buffer Overflow Vulnerability |
| | Source: MISC Type: Exploit http://www.trapkit.de/advisories/TKADV2008-010.txt |
| | Source: CCN Type: VideoLAN-SA-0809 Buffer overflow in VLC TiVo demuxer |
| | Source: CONFIRM Type: Vendor Advisory http://www.videolan.org/security/sa0809.html |
| | Source: CCN Type: VideoLAN Web site VLC media player |
| | Source: VUPEN Type: UNKNOWN ADV-2008-2856 |
| | Source: XF Type: UNKNOWN vlcmediaplayer-ty-bo(45960) |
| | Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:14803 |
| | Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [2011-02-02] |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |