Launchpad CVE tracker

CVE 2008-4686

Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.

Related bugs and status

CVE-2008-4686 (Candidate) is related to these bugs:

Bug #285922: vlc: buffer overflow in TY demux

Summary				In	Importance	Status
	285922	vlc: buffer overflow in TY demux		vlc (Ubuntu)	Undecided	Fix Released
	285922	vlc: buffer overflow in TY demux		vlc (Debian)	Unknown	Fix Released

Bug #307239: Please backport vlc to 0.9.8a in Intrepid (important security update)

		In	Importance	Status
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	Intrepid Ibex Backports	Undecided	Invalid
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	Hardy Backports	Undecided	Invalid
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	vlc (Ubuntu)	Undecided	Fix Released
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	vlc (Ubuntu Hardy)	Undecided	Won't Fix
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	vlc (Ubuntu Intrepid)	Undecided	Invalid
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	vlc (Ubuntu Jaunty)	Undecided	Fix Released
307239	Please backport vlc to 0.9.8a in Intrepid (important security update)	Karmic Backports	Undecided	Invalid

Bug #313626: Backport 0.9.8a to Intrepid

Summary				In	Importance	Status
	313626	Backport 0.9.8a to Intrepid		vlc (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-4686

References