CVE-2008-4654
Published: 22 October 2008
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
Priority
Status
Package | Release | Status |
---|---|---|
vlc Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
gutsy |
Not vulnerable
(code not present)
|
|
hardy |
Not vulnerable
(code not present)
|
|
intrepid |
Released
(0.9.4-1ubuntu3.2)
|
|
jaunty |
Not vulnerable
(0.9.9a-2ubuntu1)
|
|
upstream |
Needed
|
|
Patches: upstream: http://git.videolan.org/?p=vlc.git;a=commit;h=26d92b87bba99b5ea2e17b7eaa39c462d65e9133 |