CVE-2008-3732

VLC Media Player <0.8.6i - Buffer Overflow

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3732. PoCs published by g_.

AI-analyzed exploit summary: The advisory describes a heap overflow vulnerability in VLC 0.8.6i due to improper handling of TTA file metadata, leading to a denial-of-service condition. The issue arises from an integer overflow in the calculation of the seek table size, allowing an attacker to trigger excessive memory allocation and overwrites.

Description

Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by g_ · text · dos · multiple
https://www.exploit-db.com/exploits/6252

Classification: Writeup 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: VLC 0.8.6i
No auth needed
Prerequisites: A maliciously crafted TTA file
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14570
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6252
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30718
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31512
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44510
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200809-06.xml
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4170
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2394

Scores

EPSS 0.1343
EPSS Percentile 96.0%

Details

CWE: CWE-189
Status: published
Products (1): videolan/vlc_media_player 0.8.6i
Published: Aug 20, 2008
Tracked Since: Feb 18, 2026