Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0984 — Player vulnerability

CWE-3996 documents6 sources

Severity

9.3CRITICALNVD

EPSS

27.2%

top 3.61%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Videolan VLC Media Player Miro Player

Timeline

PublishedFeb 26

Latest updateMay 1

Description

The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶Debianvideolan/vlc_media_player< 0.8.6.e-1+3

▶NVDmiro/miro_player1.1

▶NVDvideolan/vlc_media_player0.8.6d

Patches

Patch: www.videolan.org ↗Patch: www.videolan.org ↗

🔴Vulnerability Details

GHSA

GHSA-g9w3-mq78-c86r: The MP4 demuxer (mp4↗2022-05-01

▶

CVEList

CVE-2008-0984: The MP4 demuxer (mp4↗2008-02-26

▶

OSV

CVE-2008-0984: The MP4 demuxer (mp4↗2008-02-26

▶

💥Exploits & PoCs

Exploit-DB

Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow↗2008-04-25

▶

📋Vendor Advisories

Debian

CVE-2008-0984: vlc - The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro...↗2008

▶