Launchpad CVE tracker

CVE 2008-4654

Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.

Related bugs and status

CVE-2008-4654 (Candidate) is related to these bugs:

Bug #285922: vlc: buffer overflow in TY demux

Summary				In	Importance	Status
	285922	vlc: buffer overflow in TY demux		vlc (Ubuntu)	Undecided	Fix Released
	285922	vlc: buffer overflow in TY demux		vlc (Debian)	Unknown	Fix Released

Bug #307239: Please backport vlc to 0.9.8a in Intrepid (important security update)

		In	Importance	Status
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	Intrepid Ibex Backports	Undecided	Invalid
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	Hardy Backports	Undecided	Invalid
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	vlc (Ubuntu)	Undecided	Fix Released
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	vlc (Ubuntu Hardy)	Undecided	Won't Fix
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	vlc (Ubuntu Intrepid)	Undecided	Invalid
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	vlc (Ubuntu Jaunty)	Undecided	Fix Released
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	Karmic Backports	Undecided	Invalid

Bug #313626: Backport 0.9.8a to Intrepid

Summary				In	Importance	Status
	313626	Backport 0.9.8a to Intrepid		vlc (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-4654

References