CVE-2008-0295
vlc - buffer overflows
EPSS 32.9%
Description
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.
How to fix CVE-2008-0295
To remediate CVE-2008-0295, upgrade the affected package to a fixed version below.
- Debian/vlc—upgrade to 0.8.6.c-6 or later
- Debian/vlc—upgrade to 0.8.6.c-4.1~lenny2 or later
Is CVE-2008-0295 being exploited?
Moderate — EPSS is 32.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 0.8.6.c-6
- from 0, < 0.8.6.c-4.1~lenny2