Candidate: CVE-2008-4654
PublicDate: 2008-10-22 00:11:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4654
 http://www.videolan.org/security/sa0809.html
Description:
 Stack-based buffer overflow in the parse_master function in the Ty demux
 plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows
 remote attackers to execute arbitrary code via a TiVo TY media file with a
 header containing a crafted size value.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/285922
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_vlc:
 upstream: http://git.videolan.org/?p=vlc.git;a=commit;h=26d92b87bba99b5ea2e17b7eaa39c462d65e9133
upstream_vlc: needed
dapper_vlc: not-affected (code not present)
gutsy_vlc: not-affected (code not present)
hardy_vlc: not-affected (code not present)
intrepid_vlc: released (0.9.4-1ubuntu3.2)
jaunty_vlc: not-affected (0.9.9a-2ubuntu1)
devel_vlc: not-affected (1.0.0~rc2-1ubuntu1)