Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3794Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-1896 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
9.2%
top 7.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Videolan VLC Media Player
Timeline
PublishedAug 26
Latest updateMay 2

Description

Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debianvideolan/vlc_media_player< 0.8.6.h-4+3

🔴Vulnerability Details

3
GHSA
GHSA-6q3h-pc9x-4hhc: Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu2022-05-02
CVEList
CVE-2008-3794: Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu2008-08-26
OSV
CVE-2008-3794: Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu2008-08-26

💥Exploits & PoCs

1
Exploit-DB
VideoLAN VLC Media Player 0.8.6i - Mms Protocol Handling Heap Overflow (PoC)2008-08-23

📋Vendor Advisories

1
Debian
CVE-2008-3794: vlc - Integer signedness error in the mms_ReceiveCommand function in modules/access/mm...2008
CVE-2008-3794 — Videolan VLC Media Player vulnerability | cvebase