CVE-2008-1768 — Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

1.9%

top 16.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player Videolan VLC

Timeline

PublishedApr 25

Latest updateMay 1

Description

Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 0.8.6.e-2.1+3

▶NVDvideolan/vlc60 versions+59

🔴Vulnerability Details

GHSA

GHSA-m98q-h66m-8mm5: Multiple integer overflows in VLC before 0↗2022-05-01

▶

OSV

CVE-2008-1768: Multiple integer overflows in VLC before 0↗2008-04-25

▶

CVEList

CVE-2008-1768: Multiple integer overflows in VLC before 0↗2008-04-24

▶

📋Vendor Advisories

Debian

CVE-2008-1768: vlc - Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause ...↗2008

▶