CVE-2008-1489 : Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e all

Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.

Published 2008-03-25 00:44:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Products affected by CVE-2008-1489

Videolan » VLC » Version: 0.8.6e
cpe:2.3:a:videolan:vlc:0.8.6e:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-1489

EPSS FAQ

21.58%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-1489

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2008-1489

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-1489

http://www.vupen.com/english/advisories/2008/0985

Site en construction

CVEs referencing this url
http://secunia.com/advisories/29766

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/29503

About Secunia Research | Flexera

CVEs referencing this url
http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

Exploit
http://wiki.videolan.org/Changelog/0.8.6f

Changelog/0.8.6f - VideoLAN Wiki

CVEs referencing this url
http://www.debian.org/security/2008/dsa-1543

[SECURITY] [DSA 1543-1] New vlc packages fix several vulnerabilities

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841

404 Not Found
http://security.gentoo.org/glsa/glsa-200804-25.xml

VLC: User-assisted execution of arbitrary code (GLSA 200804-25) — Gentoo security

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/41412

VLC media player MP4_ReadBox_rdrf() buffer overflow CVE-2008-1489 Vulnerability Report
http://www.videolan.org/security/sa0803.php

VideoLAN Security Advisory 0803 - VideoLAN

CVEs referencing this url
http://secunia.com/advisories/29800

About Secunia Research | Flexera

CVEs referencing this url
http://www.securityfocus.com/bid/28433

Jump to

Vulnerability Details : CVE-2008-1489

Products affected by CVE-2008-1489

Exploit prediction scoring system (EPSS) score for CVE-2008-1489

CVSS scores for CVE-2008-1489

CWE ids for CVE-2008-1489

References for CVE-2008-1489