Search for vulnerabilities
Vulnerability details: VCID-n3jt-y83q-aaaq
Vulnerability ID VCID-n3jt-y83q-aaaq
Aliases CVE-2008-1489
Summary Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
Status Published
Exploitability 2.0
Weighted Severity 6.1
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-189 Numeric Errors
System Score Found at
epss 0.02683 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.02705 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.02705 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.02705 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.02705 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.02705 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.02705 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.02705 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.02705 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.02705 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.02705 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.02705 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.02705 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.03275 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.03275 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.03277 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.03277 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.18949 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.18949 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.18949 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.18949 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.18949 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.18949 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.18949 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.18949 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.18949 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.18949 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.18949 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.18949 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.18949 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.21584 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.25716 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.33778 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.33778 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.33778 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.33778 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.33778 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.33778 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.33778 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.33778 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.33778 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.33778 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.33778 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
epss 0.33778 https://api.first.org/data/v1/epss?cve=CVE-2008-1489
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2008-1489
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2008-1489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1489
http://secunia.com/advisories/29503
http://secunia.com/advisories/29766
http://secunia.com/advisories/29800
http://security.gentoo.org/glsa/glsa-200804-25.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/41412
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841
http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a
http://wiki.videolan.org/Changelog/0.8.6f
http://www.debian.org/security/2008/dsa-1543
http://www.securityfocus.com/bid/28433
http://www.videolan.org/security/sa0803.php
http://www.vupen.com/english/advisories/2008/0985
472635 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472635
cpe:2.3:a:videolan:vlc:0.8.6e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc:0.8.6e:*:*:*:*:*:*:*
CVE-2008-1489 https://nvd.nist.gov/vuln/detail/CVE-2008-1489
GLSA-200804-25 https://security.gentoo.org/glsa/200804-25
Data source Exploit-DB
Date added April 24, 2008
Description Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
Ransomware campaign use Known
Source publication date April 25, 2008
Exploit type local
Platform windows
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1489
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.90721
EPSS Score 0.02683
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.