CVE-2008-4654

VLC Media Player 0.9.0-0.9.4 - Stack-Based Buffer Overflow in Ty Demux Plugin

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 8 public exploits for CVE-2008-4654. PoCs published by Metasploit, KernelErr, Hexastrike, including Metasploit module exploits/windows/fileformat/videolan_tivo.

AI-analyzed exploit summary This exploit targets a buffer overflow in VideoLAN VLC 0.9.4 by crafting a malicious TY file. It leverages a specific return address to execute arbitrary code when the file is processed by the vulnerable software.

Description

Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.

Exploits (8)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16629

This exploit targets a buffer overflow in VideoLAN VLC 0.9.4 by crafting a malicious TY file. It leverages a specific return address to execute arbitrary code when the file is processed by the vulnerable software.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VideoLAN VLC 0.9.4 and 0.9.2
No auth needed
Prerequisites: Vulnerable version of VLC installed on target system · Ability to deliver malicious TY file to target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by KernelErr · poc
https://github.com/KernelErr/VLC-CVE-2008-4654-Exploit

This repository contains a functional exploit for CVE-2008-4654, a stack-based buffer overflow in VLC 0.9.4 when demuxing TiVo files. The exploit modifies a TiVo file to trigger the vulnerability, aligns the stack, and executes a shellcode payload (e.g., launching calc.exe).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VLC 0.9.4
No auth needed
Prerequisites: A valid TiVo file to modify · VLC 0.9.4 installed on the target system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by Hexastrike · poc
https://github.com/Hexastrike/CVE-2008-4654

This repository contains a functional exploit for CVE-2008-4654, a stack-based buffer overflow in VLC Media Player 0.9.4 when processing TiVo files. The exploit uses a WOW64 egghunter to bypass stack space limitations and execute arbitrary shellcode.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VLC Media Player 0.9.4
No auth needed
Prerequisites: A valid TiVo file to weaponize · A target system running VLC Media Player 0.9.4 on a 64-bit Windows system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by rnnsz · poc
https://github.com/rnnsz/CVE-2008-4654

This repository contains a functional exploit for CVE-2008-4654, a stack-based buffer overflow in VLC Media Player via a crafted TiVo Ty file. The Python script modifies a sample .ty+ file to include a payload that executes arbitrary code when opened with VLC.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VLC Media Player (versions affected by CVE-2008-4654)
No auth needed
Prerequisites: A sample .ty+ file in the same directory as the script · VLC Media Player vulnerable to CVE-2008-4654
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by bongbongco · poc
https://github.com/bongbongco/CVE-2008-4654

This repository contains a functional exploit for CVE-2008-4654, a stack-based buffer overflow in VideoLAN VLC media player 0.9.4. The exploit crafts a malicious TiVo file to trigger the vulnerability and execute arbitrary shellcode (e.g., launching calc.exe).

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VideoLAN VLC media player 0.9.4
No auth needed
Prerequisites: A valid TiVo file to modify · VLC 0.9.4 installed on the target system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC
perllocalwindows
https://www.exploit-db.com/exploits/6798

This exploit targets a stack-based buffer overflow in VLC Media Player via a maliciously crafted TY file. It includes shellcode for Windows XP SP1/SP2 and leverages a JMP ESP instruction in shell32.dll to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VLC Media Player (TY file parser)
No auth needed
Prerequisites: VLC Media Player installed on Windows XP SP1/SP2 · Ability to deliver malicious TY file to victim
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perllocalwindows
https://www.exploit-db.com/exploits/6825

This Perl script exploits a buffer overflow vulnerability in VLC 0.9.4 by crafting a malicious .TY file that triggers a reverse shell to a specified host and port. The exploit uses a combination of heap spraying and SEH manipulation to achieve reliable remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VLC Media Player 0.9.4
No auth needed
Prerequisites: VLC 0.9.4 installed on target system · Network connectivity to attacker-controlled host for reverse shell
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC GOOD
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/videolan_tivo.rb

This exploit targets a buffer overflow vulnerability in VideoLAN VLC 0.9.4 by crafting a malicious TY file. It leverages a return address override to execute arbitrary payloads, achieving remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VideoLAN VLC 0.9.4
No auth needed
Prerequisites: Target must open the malicious TY file with a vulnerable version of VLC
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14803
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32339
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2856
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/10/19/2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31813
Vendor Advisory x_refsource_confirm
http://www.videolan.org/security/sa0809.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4460
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45960
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/497587/100/0/threaded
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726

Scores

EPSS 0.8213
EPSS Percentile 99.2%

Details

CWE
CWE-119
Status published
Products (5)
videolan/vlc_media_player 0.9
videolan/vlc_media_player 0.9.1
videolan/vlc_media_player 0.9.2
videolan/vlc_media_player 0.9.3
videolan/vlc_media_player 0.9.4
Published Oct 22, 2008
Tracked Since Feb 18, 2026