CVE-2008-0984

EUVD-2008-0991
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
miromiro_player
𝑥
≤ 1.1
videolanvlc_media_player
𝑥
≤ 0.8.6d
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vlc
bookworm
3.0.21-0+deb12u1
fixed
bookworm (security)
3.0.21-0+deb12u1
fixed
bullseye
3.0.21-0+deb11u1
fixed
bullseye (security)
3.0.21-0+deb11u1
fixed
sid
3.0.21-2
fixed
trixie
3.0.21-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vlc
dapper
Fixed 0.8.4.debian-1ubuntu6.2
released
edgy
Fixed 0.8.6-svn20061012.debian-1ubuntu1.2
released
feisty
Fixed 0.8.6.release-0ubuntu4.1
released
gutsy
Fixed 0.8.6.release.c-0ubuntu5.1
released
Common Weakness Enumeration
References
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html
http://secunia.com/advisories/29122
http://secunia.com/advisories/29153
http://secunia.com/advisories/29284
http://secunia.com/advisories/29766
http://www.coresecurity.com/?action=item&id=2147
http://www.debian.org/security/2008/dsa-1543
http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml
http://www.securityfocus.com/archive/1/488841/100/0/threaded
http://www.securityfocus.com/bid/28007
http://www.securitytracker.com/id?1019510
http://www.videolan.org/security/sa0802.html
http://www.vupen.com/english/advisories/2008/0682
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html
http://secunia.com/advisories/29122
http://secunia.com/advisories/29153
http://secunia.com/advisories/29284
http://secunia.com/advisories/29766
http://www.coresecurity.com/?action=item&id=2147
http://www.debian.org/security/2008/dsa-1543
http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml
http://www.securityfocus.com/archive/1/488841/100/0/threaded
http://www.securityfocus.com/bid/28007
http://www.securitytracker.com/id?1019510
http://www.videolan.org/security/sa0802.html
http://www.vupen.com/english/advisories/2008/0682