CVE-2008-4686

Videolan Vlc Media Player - Numeric Error

Title source: rule

Description

Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Guido Landi · perllocalwindows
https://www.exploit-db.com/exploits/6825
exploitdb WORKING POC VERIFIED
by Guido Landi · perllocalwindows
https://www.exploit-db.com/exploits/6798

References (5)

Scores

EPSS 0.0826
EPSS Percentile 92.2%

Details

CWE
CWE-189
Status published
Products (5)
videolan/vlc_media_player 0.9.0
videolan/vlc_media_player 0.9.1
videolan/vlc_media_player 0.9.2
videolan/vlc_media_player 0.9.3
videolan/vlc_media_player 0.9.4
Published Oct 22, 2008
Tracked Since Feb 18, 2026