CVE-2008-3732
vlc - several integer overflows
EPSS 32.1%
Description
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
How to fix CVE-2008-3732
To remediate CVE-2008-3732, upgrade the affected package to a fixed version below.
- Debian/vlc—upgrade to 0.8.6.h-2 or later
- Debian/vlc—upgrade to 0.8.6.h-1+lenny1 or later
Is CVE-2008-3732 being exploited?
Moderate — EPSS is 32.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 0.8.6.h-2
- from 0, < 0.8.6.h-1+lenny1