CVE-2008-4686

Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.

Published: Oct 22, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-4686
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
videolan / vlc_media_player	0.9.0	0.9.0.x
videolan / vlc_media_player	0.9.4	0.9.4.x
videolan / vlc_media_player	0.9.1	0.9.1.x
videolan / vlc_media_player	0.9.2	0.9.2.x
videolan / vlc_media_player	0.9.3	0.9.3.x

http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3
http://www.openwall.com/lists/oss-security/2008/10/19/2
http://www.openwall.com/lists/oss-security/2008/10/22/6
http://www.securityfocus.com/bid/31867
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630

Vulnerability Database

289,697

CVE-2008-4686