CVE-2008-4686 Information

Description

Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player probably 0.9.4 might allow remote attackers to execute arbitrary code via a crafted .ty file a different vulnerability than CVE-2008-4654.

Reference

http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3 http://www.openwall.com/lists/oss-security/2008/10/19/2 http://www.openwall.com/lists/oss-security/2008/10/22/6 http://www.securityfocus.com/bid/31867 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A14630