cbcvebase.
CVE-2008-1489
published 2008-03-25

CVE-2008-1489: Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute…

PriorityP341medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
11.87%
95.6th percentile
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianvlc< vlc 0.8.6.e-1.1 (bookworm)vlc 0.8.6.e-1.1 (bookworm)
videolanvlc
videolanvlc_media_player>= 0 < 0.8.6.e-1.10.8.6.e-1.1
videolanvlc_media_player>= 0 < 0.8.6.e-1.10.8.6.e-1.1
videolanvlc_media_player>= 0 < 0.8.6.e-1.10.8.6.e-1.1
videolanvlc_media_player>= 0 < 0.8.6.e-1.10.8.6.e-1.1

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv9.3CRITICAL
vendor_debian9.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.