CVE-2008-2430 — VLC Media Player vulnerability

CWE-1895 documents5 sources

Severity

9.3CRITICALNVD

EPSS

7.9%

top 7.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player

Timeline

PublishedJul 7

Latest updateMay 1

Description

Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 0.8.6.h-1+3

▶NVDvideolan/vlc_media_player0.8.6h

🔴Vulnerability Details

GHSA

GHSA-5pfg-3295-hcjc: Integer overflow in the Open function in modules/demux/wav↗2022-05-01

▶

OSV

CVE-2008-2430: Integer overflow in the Open function in modules/demux/wav↗2008-07-07

▶

CVEList

CVE-2008-2430: Integer overflow in the Open function in modules/demux/wav↗2008-07-07

▶

📋Vendor Advisories

Debian

CVE-2008-2430: vlc - Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player...↗2008

▶