CVE-2008-4686

NameCVE-2008-4686
DescriptionMultiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1819-1, DTSA-175-1
Debian Bugs503118

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
vlc (PTS)buster, buster (security)3.0.17.4-0+deb10u1fixed
bullseye (security), bullseye3.0.17.4-0+deb11u1fixed
bookworm, sid3.0.17.4-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
vlcsourceetch0.8.6-svn20061012.debian-5.1+etch3DSA-1819-1
vlcsourcelenny0.8.6.h-4+lenny1DTSA-175-1
vlcsource(unstable)0.8.6.h-4.1medium503118

Search for package or bug name: Reporting problems