CVE-2008-3794
26.08.2008, 15:41
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.Enginsight
| Vendor | Product | Version |
|---|---|---|
| videolan | vlc_media_player | 0.8.6i:i |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References