CVE-2008-4654
EPSS 82.1%
Description
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
How to fix CVE-2008-4654
To remediate CVE-2008-4654, upgrade the affected package to a fixed version listed below.
- Debian/vlc: upgrade to 1.0.3-1 or later
Is CVE-2008-4654 being exploited?
Likely — EPSS is 82.1%, placing CVE-2008-4654 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- Debian/vlc: from 0, < 1.0.3-1