CVE-2008-0295

Name of the Vulnerable Software and Affected Versions VideoLAN VLC Media Player versions 0.8.6d and earlier

Description The issue is related to a heap-based buffer overflow in the real sdpplin.c module of the Xine library, used in VideoLAN VLC Media Player. This allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. The exploitation of this issue can lead to the execution of arbitrary code or a denial of service.

Recommendations For versions 0.8.6d and earlier, consider disabling the real sdpplin.c module or restricting the use of long SDP data to minimize the risk of exploitation until a patch is available.