CVE Vulnerabilities

CVE-2008-3794

Published: Aug 26, 2008 | Modified: Sep 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.

Affected Software

Name Vendor Start Version End Version
Vlc_media_player Videolan 0.8.6i (including) 0.8.6i (including)
Vlc Ubuntu dapper *
Vlc Ubuntu feisty *
Vlc Ubuntu gutsy *
Vlc Ubuntu hardy *

References