CVE-2008-1881 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-1881 PUBLISHED CVSS 6.800000190734863 MEDIUM

Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.

EPSS 53.99% · 98.0th percentile

Risk Scores

CVSS v2.0

6.800000190734863

EPSS Score

53.99%

98.0th percentile

Affected Products

Vendor	Product	Versions
videolan	vlc	0.8.6e
n/a	n/a	n/a

Timeline

Mar 14, 2008 PoC Published
Apr 17, 2008 CVE Published
May 23, 2008 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 1, 2023 EPSS Score

References

vlc-parsessa-bo(41936) vdb
http://aluigi.org/adv/vlcboffs-adv.txt url
20080317 VLC highlander bug mailing-list
28233 third-party-advisory
GLSA-200804-25 vendor-advisory
http://wiki.videolan.org/Changelog/0.8.6f url
28274 vdb
29800 third-party-advisory
oval:org.mitre.oval:def:14872 vdb
5250 exploit
vlcmediaplayer-subtitle-bo(41237) vdb
http://aluigi.altervista.org/adv/vlcboffs-adv.txt url
28251 vdb
https://nvd.nist.gov/vuln/detail/CVE-2008-1881 advisory

Open in Interactive Console →