CVE-2008-1489
Published: 25 March 2008
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
Priority
Status
Package | Release | Status |
---|---|---|
vlc (Launchpad, Ubuntu, Debian) | dapper | Released (0.8.4.debian-1ubuntu6.3) |
vlc | edgy | Ignored (end of life, was needed) |
vlc | feisty | Released (0.8.6.release-0ubuntu4.2) |
vlc | gutsy | Released (0.8.6.release.c-0ubuntu5.2) |
vlc | hardy | Released (0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu2) |
vlc | upstream | Not vulnerable (0.8.6f) |

Patches:
other: http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a
debdiff: http://launchpad.net/bugs/207284