Lucene search

MitreCVE-2008-3794

HistoryAug 26, 2008 - 3:41 p.m.

CVE-2008-3794

2008-08-2615:41:00

CWE-189

mitre

web.nvd.nist.gov

security

vulnerability

vlc media player

remote code execution

integer overflow

heap-based buffer overflow

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.152

Percentile

95.9%

JSON

Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.

Affected configurations

Nvd

Node

videolanvlc_media_playerMatch0.8.6i

VendorProductVersionCPE
videolanvlc_media_player0.8.6icpe:/a:videolan:vlc_media_player:0.8.6i:::

Vendor	Product	Version	CPE
videolan	vlc_media_player	0.8.6i	cpe:/a:videolan:vlc_media_player:0.8.6i:::

References

mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html

security.gentoo.org/glsa/glsa-200809-06.xml

securityreason.com/securityalert/4190

www.openwall.com/lists/oss-security/2008/08/24/3

www.orange-bat.com/adv/2008/adv.08.24.txt

www.securityfocus.com/bid/30806

www.securitytracker.com/id?1020759

exchange.xforce.ibmcloud.com/vulnerabilities/44659

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14531

www.exploit-db.com/exploits/6293

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.152

Percentile

95.9%

JSON

Related for CVE-2008-3794