Candidate: CVE-2008-4558
PublicDate: 2008-10-15 00:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4558
 http://www.coresecurity.com/content/vlc-xspf-memory-corruption
Description:
 Array index error in VLC media player 0.9.2 allows remote attackers to
 overwrite arbitrary memory and execute arbitrary code via an XSPF playlist
 file with a negative identifier tag, which passes a signed comparison.
Ubuntu-Description:
Notes:
 mdeslaur> PoC: http://www.coresecurity.com/content/vlc-xspf-memory-corruption
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_vlc:
 upstream: http://git.videolan.org/?p=vlc.git;a=commit;h=6d3c22f29e650b0d10b2116fe3145194d20b8b56
upstream_vlc: released (0.9.3)
dapper_vlc: ignored (reached end-of-life)
feisty_vlc: needed (reached end-of-life)
gutsy_vlc: needed (reached end-of-life)
hardy_vlc: not-affected (code not present)
intrepid_vlc: not-affected (0.9.4-1ubuntu3.1)
jaunty_vlc: not-affected (0.9.9a-2ubuntu1)
karmic_vlc: not-affected (1.0.0~rc2-1ubuntu1)
devel_vlc: not-affected (1.0.0~rc2-1ubuntu1)