CVE-2008-1881

VLC - Stack-based Buffer Overflow in SSA Subtitle Parser

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-1881. PoCs published by j0rgan, Mai Xuan Cuong.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in VLC 0.8.6d, leveraging two shellcode payloads to achieve remote code execution via a maliciously crafted .ssa file. It demonstrates both a direct EIP overwrite and an SEH-based overflow for reliability.

Description

Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.

Exploits (2)

exploitdb WORKING POC VERIFIED
by j0rgan · pythonlocalwindows
https://www.exploit-db.com/exploits/5667

This exploit targets a buffer overflow vulnerability in VLC 0.8.6d, leveraging two shellcode payloads to achieve remote code execution via a maliciously crafted .ssa file. It demonstrates both a direct EIP overwrite and an SEH-based overflow for reliability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VLC 0.8.6d
No auth needed
Prerequisites: VLC 0.8.6d installed on target system · Ability to deliver crafted .ssa file to victim
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Mai Xuan Cuong · c++localwindows
https://www.exploit-db.com/exploits/5250

This exploit targets a buffer overflow vulnerability in VLC media player versions up to 0.8.6.e by crafting malicious .ssa and .avi files. The PoC includes shellcode to execute arbitrary commands (e.g., calculator) when the files are processed by VLC.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VLC media player <= 0.8.6.e
No auth needed
Prerequisites: Victim must open the malicious .ssa and .avi files in VLC
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41936
Various Sources x_refsource_misc
http://aluigi.org/adv/vlcboffs-adv.txt
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489698
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28233
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200804-25.xml
Third Party Advisory x_refsource_confirm
http://wiki.videolan.org/Changelog/0.8.6f
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28274
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29800
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5250
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41237
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/vlcboffs-adv.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28251

Scores

EPSS 0.5399
EPSS Percentile 98.1%

Details

CWE
CWE-119
Status published
Products (1)
videolan/vlc 0.8.6e
Published Apr 17, 2008
Tracked Since Feb 18, 2026