CVE-2008-4654 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Affected Products (NVD)

Vendor	Product	Version
videolan	vlc_media_player	0.9
videolan	vlc_media_player	0.9.1
videolan	vlc_media_player	0.9.2
videolan	vlc_media_player	0.9.3
videolan	vlc_media_player	0.9.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

vlc

bookworm	3.0.21-0+deb12u1 fixed
bookworm (security)	3.0.21-0+deb12u1 fixed
bullseye	3.0.21-0+deb11u1 fixed
bullseye (security)	3.0.21-0+deb11u1 fixed
etch	not-affected
lenny	not-affected
sid	3.0.21-2 fixed
trixie	3.0.21-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

vlc

dapper	not-affected
gutsy	not-affected
hardy	not-affected
intrepid	Fixed 0.9.4-1ubuntu3.2 released
jaunty	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726

http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fde9e1cc1fe1ec9635169fa071e42b3aa6436033

http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=26d92b87bba99b5ea2e17b7eaa39c462d65e9133

http://secunia.com/advisories/32339

http://securityreason.com/securityalert/4460

http://www.openwall.com/lists/oss-security/2008/10/19/2

http://www.securityfocus.com/archive/1/497587/100/0/threaded

http://www.securityfocus.com/bid/31813

http://www.trapkit.de/advisories/TKADV2008-010.txt

http://www.videolan.org/security/sa0809.html

http://www.vupen.com/english/advisories/2008/2856

https://exchange.xforce.ibmcloud.com/vulnerabilities/45960

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14803