CVE-2008-2430
Published 2008-07-07
Priority P345 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 5.88% (92.3th percentile)
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 0.8.6.h-1 (bookworm) | vlc 0.8.6.h-1 (bookworm) |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | >= 0 < 0.8.6.h-1 | 0.8.6.h-1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.h-1 | 0.8.6.h-1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.h-1 | 0.8.6.h-1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.h-1 | 0.8.6.h-1 |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
osv · 9.3 · CRITICAL
vendor_debian · 9.3 · MEDIUM
GHSA
GHSA-5pfg-3295-hcjc: Integer overflow in the Open function in modules/demux/wav
ghsa_unreviewed·2022-05-01
CVE-2008-2430 [HIGH] GHSA-5pfg-3295-hcjc: Integer overflow in the Open function in modules/demux/wav
OSV
CVE-2008-2430: Integer overflow in the Open function in modules/demux/wav
osv·2008-07-07·CVSS 9.3
CVE-2008-2430 [CRITICAL] CVE-2008-2430: Integer overflow in the Open function in modules/demux/wav
Debian
CVE-2008-2430: vlc - Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player...
vendor_debian·2008·CVSS 9.3
CVE-2008-2430 [CRITICAL] CVE-2008-2430: vlc - Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player...
Scope: local
bookworm: resolved (fixed in 0.8.6.h-1)
bullseye: resolved (fixed in 0.8.6.h-1)
forky: resolved (fixed in 0.8.6.h-1)
sid: resolved (fixed in 0.8.6.h-1)
trixie: resolved (fixed in 0.8.6.h-1)
References
http://secunia.com/advisories/30601
http://secunia.com/advisories/31317
http://secunia.com/secunia_research/2008-29/advisory/
http://security.gentoo.org/glsa/glsa-200807-13.xml
http://securityreason.com/securityalert/3976
http://www.securityfocus.com/archive/1/493849/100/0/threaded
http://www.securityfocus.com/bid/30058
http://www.securitytracker.com/id?1020429
http://www.videolan.org/developers/vlc/NEWS
http://www.vupen.com/english/advisories/2008/1995/references
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14344
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14769