CVE-2008-2430
Advisory lineage Upstream: 0 Downstream: 3
Downstream
Modified
Published: 07 Jul 2008, 23:00
Last modified:07 Aug 2024, 08:58
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.3 HIGH
v2.0 (nvd)
EPSS Score
7.89% LOW
8% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
07 Jul 2008, 23:00
Published
Vulnerability first disclosed
07 Aug 2024, 08:58
Last Modified
Vulnerability information updated
Description
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.
CVSS Metrics
- v2.0•HIGH•Score: 9.3AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 7.89%• Percentile: 92%
Techniques & Countermeasures
- CWE-189•Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.
Affected Systems
- videolan•vlc_media_player
0.8.6h
References (12)
- http://secunia.com/advisories/31317
- http://securityreason.com/securityalert/3976
- http://www.securitytracker.com/id?1020429
- http://security.gentoo.org/glsa/glsa-200807-13.xml
- http://www.videolan.org/developers/vlc/NEWS
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14344
- http://www.vupen.com/english/advisories/2008/1995/references
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14769
- http://www.securityfocus.com/archive/1/493849/100/0/threaded
- http://secunia.com/secunia_research/2008-29/advisory/
- http://secunia.com/advisories/30601
- http://www.securityfocus.com/bid/30058