CVE-2008-0984
Published 2008-02-26
Priority P354 · critical · 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 15.28% (96.4th percentile)
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 0.8.6.e-1 (bookworm) | vlc 0.8.6.e-1 (bookworm) |
| debian | vlc | < vlc 0.8.6.e-1.1 (bookworm) | vlc 0.8.6.e-1.1 (bookworm) |
| miro | miro_player | <= 1.1 | — |
| videolan | vlc | — | — |
| videolan | vlc_media_player | <= 0.8.6d | — |
| videolan | vlc_media_player | >= 0 < 0.8.6.e-1.1 | 0.8.6.e-1.1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.e-1 | 0.8.6.e-1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.e-1.1 | 0.8.6.e-1.1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.e-1 | 0.8.6.e-1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.e-1.1 | 0.8.6.e-1.1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.e-1 | 0.8.6.e-1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.e-1.1 | 0.8.6.e-1.1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.e-1 | 0.8.6.e-1 |
CVSS provenance
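| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | MEDIUM | — |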
GHSA
ghsa_unreviewed·2022-05-01
CVE-2008-0984 [HIGH] GHSA-g9w3-mq78-c86r: The MP4 demuxer (mp4
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
GHSA
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2008-1489 [CRITICAL] GHSA-46j7-rwp3-929v: Integer overflow in the MP4_ReadBox_rdrf function in libmp4
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
OSV
osv·2008-03-25·CVSS 9.3
CVE-2008-1489 [CRITICAL] CVE-2008-1489: Integer overflow in the MP4_ReadBox_rdrf function in libmp4
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
OSV
osv·2008-02-26·CVSS 9.3
CVE-2008-0984 [CRITICAL] CVE-2008-0984: The MP4 demuxer (mp4
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
Debian
vendor_debian·2008·CVSS 9.3
CVE-2008-0984 [CRITICAL] CVE-2008-0984: vlc - The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro...
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
Scope: local
bookworm: resolved (fixed in 0.8.6.e-1)
bullseye: resolved (fixed in 0.8.6.e-1)
forky: resolved (fixed in 0.8.6.e-1)
sid: resolved (fixed in 0.8.6.e-1)
trixie: resolved (fixed in 0.8.6.e-1)
Debian
vendor_debian·2008·CVSS 9.3
CVE-2008-1489 [CRITICAL] CVE-2008-1489: vlc - Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e all...
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
Scope: local
bookworm: resolved (fixed in 0.8.6.e-1.1)
bullseye: resolved (fixed in 0.8.6.e-1.1)
forky: resolved (fixed in 0.8.6.e-1.1)
sid: resolved (fixed in 0.8.6.e-1.1)
trixie: resolved (fixed in 0.8.6.e-1.1)
References
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html
http://secunia.com/advisories/29122
http://secunia.com/advisories/29153
http://secunia.com/advisories/29284
http://secunia.com/advisories/29766
http://www.coresecurity.com/?action=item&id=2147
http://www.debian.org/security/2008/dsa-1543
http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml
http://www.securityfocus.com/archive/1/488841/100/0/threaded
http://www.securityfocus.com/bid/28007
http://www.securitytracker.com/id?1019510
http://www.videolan.org/security/sa0802.html
http://www.vupen.com/english/advisories/2008/0682