Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1769Out-of-bounds Write in VLC

CWE-3996 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
26.6%
top 3.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Videolan VLC Media PlayerVideolan VLC
Timeline
PublishedApr 25
Latest updateMay 1

Description

VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debianvideolan/vlc_media_player< 0.8.6.e-2.1+3
NVDvideolan/vlc60 versions+59

🔴Vulnerability Details

3
GHSA
GHSA-mxxw-w2hq-pvjj: VLC before 02022-05-01
OSV
CVE-2008-1769: VLC before 02008-04-25
CVEList
CVE-2008-1769: VLC before 02008-04-24

💥Exploits & PoCs

1
Exploit-DB
Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow2008-04-25

📋Vendor Advisories

1
Debian
CVE-2008-1769: vlc - VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) vi...2008
CVE-2008-1769 — Out-of-bounds Write in Videolan VLC | cvebase