CVE-2008-4686

NameCVE-2008-4686
DescriptionMultiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1819-1, DTSA-175-1
NVD severityhigh (attack range: remote, user-initiated)
Debian Bugs503118
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
vlc (PTS)squeeze, squeeze (security)1.1.3-1squeeze6fixed
wheezy (security), wheezy2.0.3-5+deb7u2fixed
jessie (security), jessie2.2.0~rc2-2+deb8u1fixed
stretch2.2.1-2fixed
sid2.2.1-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
vlcsource(unstable)0.8.6.h-4.1medium503118
vlcsourceetch0.8.6-svn20061012.debian-5.1+etch3highDSA-1819-1
vlcsourcelenny0.8.6.h-4+lenny1highDTSA-175-1

Search for package or bug name: Reporting problems