Lucene search

MitreCVE-2008-0295

HistoryJan 16, 2008 - 10:00 p.m.

CVE-2008-0295

2008-01-1622:00:00

CWE-119

mitre

web.nvd.nist.gov

cve-2008-0295

buffer overflow

xine library

denial of service

remote execution

sdp

videolan vlc media player

nvd

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.047

Percentile

92.8%

JSON

Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.

Affected configurations

Nvd

Node

videolanvlc_media_playerRange≤0.8.6d

VendorProductVersionCPE
videolanvlc_media_player*cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
videolan	vlc_media_player	*	cpe:2.3:a:videolan:vlc_media_player::::::::

References

aluigi.altervista.org/adv/vlcxhof-adv.txt

secunia.com/advisories/28383

secunia.com/advisories/29284

secunia.com/advisories/29766

www.debian.org/security/2008/dsa-1543

www.gentoo.org/security/en/glsa/glsa-200803-13.xml

www.securityfocus.com/bid/27221

www.vupen.com/english/advisories/2008/0105

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.047

Percentile

92.8%

JSON

Related for CVE-2008-0295