CVE-2008-1768 — vlc - multiple vulnerabilities

Description

Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.

How to fix CVE-2008-1768

To remediate CVE-2008-1768, upgrade the affected package to a fixed version below.

Debian/vlc—upgrade to 0.8.6.e-2.1 or later
Debian/vlc—upgrade to 0.8.6-svn20061012.debian-5.1+etch3 or later
Debian/vlc—upgrade to 0.8.6.c-6+lenny4 or later

Is CVE-2008-1768 being exploited?

Low — EPSS is 1.9%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 0.8.6.e-2.1
from 0, < 0.8.6-svn20061012.debian-5.1+etch3
from 0, < 0.8.6.c-6+lenny4

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-1768