PT-2008-1149 · Videolan · Vlc Media Player

Alin Rad Pop

Published

2008-07-07

Updated

2018-10-11

CVE-2008-2430

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions VLC Media Player version 0.8.6h

Description The issue is related to an integer overflow in the Open function in modules/demux/wav.c, which can be exploited by remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. This is due to errors in number processing.

Recommendations For VLC Media Player version 0.8.6h, update to a newer version to mitigate the risk of exploitation. As a temporary workaround, consider avoiding the use of the Open function in modules/demux/wav.c when handling WAV files until a patch is available. Restrict access to WAV files to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

BDU:2019-03970

CVE-2008-2430

DSA-1819-1

DTSA-148-1

Affected Products

Vlc Media Player

PT-2008-1149 · Videolan · Vlc Media Player

CVE-2008-2430

Weakness Enumeration

Related Identifiers

Affected Products

References · 25