CVE-2008-4686

Published: Oct 22, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.

Affected (5)

Products: Videolan: Vlc Media Player

1 product

Vlc Media Player

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Videolan Vlc Media Player	Version 0.9.0
Videolan Vlc Media Player	Version 0.9.1
Videolan Vlc Media Player	Version 0.9.2
Videolan Vlc Media Player	Version 0.9.3
Videolan Vlc Media Player	Version 0.9.4

Related CWEs

References (10)

http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2008/10/19/2

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2008/10/22/6

Source: cve@mitre.org

http://www.securityfocus.com/bid/31867

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630

Source: cve@mitre.org

http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2008/10/19/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2008/10/22/6

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31867

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.