cbcvebase.
CVE-2008-3732
published 2008-08-20

CVE-2008-3732: Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application…

PriorityP350critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
13.43%
96.0th percentile
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianvlc< vlc 0.8.6.h-2 (bookworm)vlc 0.8.6.h-2 (bookworm)
videolanvlc_media_player
videolanvlc_media_player>= 0 < 0.8.6.h-20.8.6.h-2
videolanvlc_media_player>= 0 < 0.8.6.h-20.8.6.h-2
videolanvlc_media_player>= 0 < 0.8.6.h-20.8.6.h-2
videolanvlc_media_player>= 0 < 0.8.6.h-20.8.6.h-2

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.