{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80633?format=json","vulnerability_id":"VCID-ygt3-byr3-7qd7","summary":"Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file.  NOTE: this issue is due to an incomplete fix for CVE-2007-6681.","aliases":[{"alias":"CVE-2008-1881"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/364815?format=json","purl":"pkg:deb/debian/vlc@0.8.6.e-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@0.8.6.e-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/364803?format=json","purl":"pkg:deb/debian/vlc@3.0.21-0%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.21-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/364801?format=json","purl":"pkg:deb/debian/vlc@3.0.23-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.23-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/364805?format=json","purl":"pkg:deb/debian/vlc@3.0.23-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.23-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/364804?format=json","purl":"pkg:deb/debian/vlc@3.0.23-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vlc@3.0.23-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/336857?format=json","purl":"pkg:ebuild/media-video/vlc@0.8.6f","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-video/vlc@0.8.6f"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1881","reference_id":"","reference_type":"","scores":[{"value":"0.53989","scoring_system":"epss","scoring_elements":"0.98049","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1881"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477805","reference_id":"477805","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477805"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/5250.cpp","reference_id":"CVE-2008-1881","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/5250.cpp"},{"reference_url":"https://security.gentoo.org/glsa/200804-25","reference_id":"GLSA-200804-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200804-25"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/5667.py","reference_id":"OSVDB-44461;CVE-2008-1881","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/5667.py"}],"weaknesses":[],"exploits":[{"date_added":"2008-03-13","description":"VideoLAN VLC Media Player 0.8.6e - Subtitle Parsing Local Buffer Overflow","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2008-03-14","exploit_type":"local","platform":"windows","source_date_updated":"2016-11-23","data_source":"Exploit-DB","source_url":""}],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ygt3-byr3-7qd7"}