CVE-2008-1489

2008-03-25 01:44:00 2017-09-29 03:30:44

Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Videolan Vlc 0.8.6e (not an official CPE)

Videolan - Vlc

Advisory	Patch	Confirmed	Link
			vlcmediaplayer-mp4readbox-rdrf-bo(41412)
			28433
			ADV-2008-0985
			http://www.videolan.org/security/sa0803.php
			DSA-1543
			http://wiki.videolan.org/Changelog/0.8.6f
			GLSA-200804-25
			http://trac.videolan.org/vlc/changeset/09572892df7e72c0d...

Numeric Errors (ID 189)

Related CVE(s) 1 CVE-2008-0984 CVSS 9.3