CVE-2008-4558
Published: 15 October 2008
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
Notes
Author | Note |
---|---|
mdeslaur | PoC: http://www.coresecurity.com/content/vlc-xspf-memory-corruption |
Priority
Status
Package | Release | Status |
---|---|---|
vlc Launchpad, Ubuntu, Debian | dapper | Ignored (end of life) |
vlc | feisty | Ignored (end of life, was needed) |
vlc | gutsy | Ignored (end of life, was needed) |
vlc | hardy | Not vulnerable (code not present) |
vlc | intrepid | Not vulnerable (0.9.4-1ubuntu3.1) |
vlc | jaunty | Not vulnerable (0.9.9a-2ubuntu1) |
vlc | karmic | Not vulnerable (1.0.0~rc2-1ubuntu1) |
vlc | upstream | Released (0.9.3) |

Patches: upstream: http://git.videolan.org/?p=vlc.git;a=commit;h=6d3c22f29e650b0d10b2116fe3145194d20b8b56