PublicDate: 2008-03-25 00:44:00 UTC
Candidate: CVE-2008-1489
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1489
Description:
 Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC
 0.8.6e allows remote attackers to cause a denial of service (crash) and
 possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a
 heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/207284
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472635
Priority: medium
Discovered-by: Drew Yao and Nico Golde
Assigned-to:
CVSS:

Patches_vlc:
 other: http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a
 debdiff: http://launchpad.net/bugs/207284
upstream_vlc: not-affected (0.8.6f)
dapper_vlc: released (0.8.4.debian-1ubuntu6.3)
edgy_vlc: needed (reached end-of-life)
feisty_vlc: released (0.8.6.release-0ubuntu4.2)
gutsy_vlc: released (0.8.6.release.c-0ubuntu5.2)
hardy_vlc: released (0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu2)
devel_vlc: released (0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu2)