What is CVE-2008-4654?

CVE-2008-4654 is a vulnerability in N/a. Published 2008-10-21.

Is CVE-2008-4654 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2008-4654

Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containin…

EPSS: 0.821 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

ADV-2008-2856 (vdb-entry, x_refsource_VUPEN)
oval:org.mitre.oval:def:14803 (x_refsource_OVAL, signature, vdb-entry)
git.videolan.org/ (x_refsource_CONFIRM)
32339 (x_refsource_SECUNIA, third-party-advisory)
www.trapkit.de/advisories/TKADV2008-010.txt (x_refsource_MISC)
git.videolan.org/ (x_refsource_CONFIRM)
[oss-security] 20081019 CVE id request: vlc (mailing-list, x_refsource_MLIST)
31813 (vdb-entry, x_refsource_BID)
www.videolan.org/security/sa0809.html (x_refsource_CONFIRM)
4460 (x_refsource_SREASON, third-party-advisory)

Frequently asked questions

What is CVE-2008-4654?: CVE-2008-4654 is a vulnerability in N/a. Published 2008-10-21.
Is CVE-2008-4654 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.