cbcvebase.
CVE-2008-0984
published 2008-02-26

CVE-2008-0984: The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory…

PriorityP354critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
15.28%
96.4th percentile
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.

Affected

13 ranges
VendorProductVersion rangeFixed in
debianvlc< vlc 0.8.6.e-1 (bookworm)vlc 0.8.6.e-1 (bookworm)
debianvlc< vlc 0.8.6.e-1.1 (bookworm)vlc 0.8.6.e-1.1 (bookworm)
miromiro_player<= 1.1
videolanvlc
videolanvlc_media_player<= 0.8.6d
videolanvlc_media_player>= 0 < 0.8.6.e-1.10.8.6.e-1.1
videolanvlc_media_player>= 0 < 0.8.6.e-10.8.6.e-1
videolanvlc_media_player>= 0 < 0.8.6.e-1.10.8.6.e-1.1
videolanvlc_media_player>= 0 < 0.8.6.e-10.8.6.e-1
videolanvlc_media_player>= 0 < 0.8.6.e-1.10.8.6.e-1.1
videolanvlc_media_player>= 0 < 0.8.6.e-10.8.6.e-1
videolanvlc_media_player>= 0 < 0.8.6.e-1.10.8.6.e-1.1
videolanvlc_media_player>= 0 < 0.8.6.e-10.8.6.e-1

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.