CVE-2008-0295

Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.
Severity: UNKNOWN
CVSS vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Atk. Vector: NETWORK
Atk. Complexity: MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown

| Vendor | Product | Version |
|---|---|---|
| videolan | vlc_media_player | 𝑥 ≤ 0.8.6d |

𝑥 = Vulnerable software versions

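Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| vlc | bullseye (security) | 3.0.21-0+deb11u1 | fixed |
| vlc | bullseye | 3.0.21-0+deb11u1 | fixed |
| vlc | bookworm | 3.0.21-0+deb12u1 | fixed |
| vlc | bookworm (security) | 3.0.21-0+deb12u1 | fixed |
| vlc | sid | 3.0.21-2 | fixed |
| vlc | trixie | 3.0.21-2 | fixed |
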
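Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| vlc | karmic | Fixed 0.8.6e-0ubuntu1 | released |
| vlc | jaunty | Fixed 0.8.6e-0ubuntu1 | released |
| vlc | intrepid | Fixed 0.8.6e-0ubuntu1 | released |
| vlc | hardy | Fixed 0.8.6e-0ubuntu1 | released |
| vlc | gutsy | | ignored |
| vlc | feisty | | ignored |
| vlc | edgy | | ignored |
| vlc | dapper | | ignored |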