CVE-2008-4686
vlc - integer overflows
EPSS 8.3%
Description
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
How to fix CVE-2008-4686
To remediate CVE-2008-4686, upgrade the affected package to one of the fixed versions listed below.
- Debian/vlc—upgrade to 0.8.6.h-4.1 or later
- Debian/vlc—upgrade to 0.8.6.h-4+lenny1 or later
Is CVE-2008-4686 being exploited?
Moderate: EPSS is 8.3%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/vlc: from 0, < 0.8.6.h-4.1
- Debian/vlc: from 0, < 0.8.6.h-4+lenny1