Vulnerability Description
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Miro | Miro Player | <= 1.1 |
| Videolan | Vlc Media Player | <= 0.8.6d |
Related Weaknesses (CWE)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html
- http://secunia.com/advisories/29122Vendor Advisory
- http://secunia.com/advisories/29153Vendor Advisory
- http://secunia.com/advisories/29284Vendor Advisory
- http://secunia.com/advisories/29766Vendor Advisory
- http://www.coresecurity.com/?action=item&id=2147
- http://www.debian.org/security/2008/dsa-1543
- http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml
- http://www.securityfocus.com/archive/1/488841/100/0/threaded
- http://www.securityfocus.com/bid/28007
- http://www.securitytracker.com/id?1019510
- http://www.videolan.org/security/sa0802.htmlPatch
- http://www.vupen.com/english/advisories/2008/0682Vendor Advisory
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html
- http://secunia.com/advisories/29122Vendor Advisory
FAQ
What is CVE-2008-0984?
CVE-2008-0984 is a vulnerability with a CVSS score of 9.3 (HIGH). The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malforme...
How severe is CVE-2008-0984?
CVE-2008-0984 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0984?
Check the references section above for vendor advisories and patch information. Affected products include: Miro Miro Player, Videolan Vlc Media Player.