CVE 2008-1489
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
Related bugs and status
CVE-2008-1489 (Candidate) is related to these bugs:
Bug #207284: [CVE-2008-1489] buffer overflow in MP4 demuxer in vlc 0.8.6e
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 207284 | [CVE-2008-1489] buffer overflow in MP4 demuxer in vlc 0.8.6e | vlc (Ubuntu) | Undecided | Fix Released | ||
| 207284 | [CVE-2008-1489] buffer overflow in MP4 demuxer in vlc 0.8.6e | vlc (Ubuntu Dapper) | Medium | Fix Released | ||
| 207284 | [CVE-2008-1489] buffer overflow in MP4 demuxer in vlc 0.8.6e | vlc (Ubuntu Edgy) | Medium | Won't Fix | ||
| 207284 | [CVE-2008-1489] buffer overflow in MP4 demuxer in vlc 0.8.6e | vlc (Ubuntu Feisty) | Medium | Fix Released | ||
| 207284 | [CVE-2008-1489] buffer overflow in MP4 demuxer in vlc 0.8.6e | vlc (Ubuntu Hardy) | Undecided | Fix Released | ||
| 207284 | [CVE-2008-1489] buffer overflow in MP4 demuxer in vlc 0.8.6e | vlc (Ubuntu Gutsy) | Medium | Fix Released | ||
| 207284 | [CVE-2008-1489] buffer overflow in MP4 demuxer in vlc 0.8.6e | vlc (Gentoo Linux) | Medium | Fix Released | ||
Bug #214977: [vlc] [DSA-1543-1] several vulnerabilities
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 214977 | [vlc] [DSA-1543-1] several vulnerabilities | vlc (Ubuntu) | Undecided | New | ||
Bug #238873: vlc in Hardy needs a security update
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 238873 | vlc in Hardy needs a security update | vlc (Ubuntu) | High | Fix Released | ||
| 238873 | vlc in Hardy needs a security update | vlc (Ubuntu Dapper) | Undecided | Invalid | ||
| 238873 | vlc in Hardy needs a security update | vlc (Ubuntu Feisty) | Undecided | Won't Fix | ||
| 238873 | vlc in Hardy needs a security update | vlc (Ubuntu Gutsy) | Undecided | Won't Fix | ||
| 238873 | vlc in Hardy needs a security update | vlc (Ubuntu Intrepid) | High | Fix Released | ||
| 238873 | vlc in Hardy needs a security update | vlc (Ubuntu Hardy) | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
