CVE-2008-4686 | HackTesting

Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.

References

http://www.openwall.com/lists/oss-security/2008/10/22/6

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630

http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3

http://www.openwall.com/lists/oss-security/2008/10/19/2

http://www.securityfocus.com/bid/31867