Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4558 — Numeric Range Comparison Without Minimum Check in VLC Media Player

CWE-3997 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

19.6%

top 4.58%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Videolan VLC Media Player

Timeline

PublishedOct 15

Latest updateMay 2

Description

Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 0.9.3-1+3

▶NVDvideolan/vlc_media_player0.9.2

🔴Vulnerability Details

GHSA

GHSA-hh4p-jcm5-55rv: Array index error in VLC media player 0↗2022-05-02

▶

OSV

CVE-2008-4558: Array index error in VLC media player 0↗2008-10-15

▶

CVEList

CVE-2008-4558: Array index error in VLC media player 0↗2008-10-14

▶

💥Exploits & PoCs

Exploit-DB

VideoLAN VLC Media Player 0.9.2 Media Player - XSPF Memory Corruption↗2008-10-14

▶

Exploit-DB

CA BrightStor ARCserve Backup r11.5 - ActiveX Remote Buffer Overflow↗2008-03-16

▶

📋Vendor Advisories

Debian

CVE-2008-4558: vlc - Array index error in VLC media player 0.9.2 allows remote attackers to overwrite...↗2008

▶