Videolan · Vlc · CVE-2008-1881
**Name of the Vulnerable Software and Affected Versions**
VLC version 0.8.6e
**Description**
The issue is related to a stack-based buffer overflow in the `ParseSSA` function, located in `modules/demux/subtitle.c`. This allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. The problem is due to an incomplete fix for a previous issue.
**Recommendations**
For VLC version 0.8.6e, consider disabling the `ParseSSA` function as a temporary workaround until a patch is available. Restrict access to SSA files to minimize the risk of exploitation.