CVE-2008-4686
Published: 22 October 2008
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
Priority
Status
Package | Release | Status |
---|---|---|
vlc Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Not vulnerable
(code not present)
|
|
intrepid |
Released
(0.9.4-1ubuntu3.2)
|
|
jaunty |
Not vulnerable
(0.9.8a-1ubuntu1)
|
|
karmic |
Not vulnerable
(0.9.8a-1ubuntu1)
|
|
upstream |
Released
(0.9.4-2)
|
|
Patches: upstream: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3 |