Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3732: Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-189 | 6 documents | 6 sources
Severity: 9.3 CRITICAL (NVD)
EPSS: 32.1% (top 3.17%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Aug 20
Latest update: May 2

Description

Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (2 packages)

Debian videolan/vlc_media_player < 0.8.6.h-2+3

🔴 Vulnerability Details (3)

GHSA
GHSA-f82v-mcfc-hrmc: Integer overflow in the Open function in modules/demux/tta (2022-05-02)
CVEList
CVE-2008-3732: Integer overflow in the Open function in modules/demux/tta (2008-08-20)
OSV
CVE-2008-3732: Integer overflow in the Open function in modules/demux/tta (2008-08-20)

💥 Exploits & PoCs (1)

Exploit-DB
VideoLAN VLC Media Player 0.8.6i - '.tta' File Parsing Heap Overflow (PoC) (2008-08-16)

📋 Vendor Advisories (1)

Debian
CVE-2008-3732: vlc - Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player... (2008)
CVE-2008-3732 — Videolan VLC Media Player vulnerability | cvebase