CVE-2008-4686

NameCVE-2008-4686
DescriptionMultiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
SourceCVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1819-1, DTSA-175-1
NVD severityhigh (attack range: remote)
Debian Bugs503118

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
vlc (PTS)wheezy (security), wheezy2.0.3-5+deb7u2fixed
jessie2.2.1-1~deb8u1fixed
jessie (security)2.2.0~rc2-2+deb8u1fixed
stretch2.2.3-1fixed
sid2.2.3-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
vlcsource(unstable)0.8.6.h-4.1medium503118
vlcsourceetch0.8.6-svn20061012.debian-5.1+etch3highDSA-1819-1
vlcsourcelenny0.8.6.h-4+lenny1highDTSA-175-1

Search for package or bug name: Reporting problems