Search for vulnerabilities
Vulnerability details: VCID-p4us-k9fs-aaaq
Vulnerability ID VCID-p4us-k9fs-aaaq
Aliases CVE-2008-4558
Summary Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
Status Published
Exploitability 2.0
Weighted Severity 6.1
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-399 Resource Management Errors
System Score Found at
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.15965 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.22015 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.52633 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.52633 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.52633 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.76021 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.76021 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.76021 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.76021 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.76021 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.76021 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.76021 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.76021 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.76021 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.76021 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
epss 0.76021 https://api.first.org/data/v1/epss?cve=CVE-2008-4558
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2008-4558
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2008-4558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4558
http://secunia.com/advisories/32267
https://exchange.xforce.ibmcloud.com/vulnerabilities/45869
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14726
http://www.exploit-db.com/exploits/6756
http://www.securityfocus.com/archive/1/497354/100/0/threaded
http://www.securityfocus.com/bid/31758
http://www.vupen.com/english/advisories/2008/2826
502314 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502314
cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
CVE-2008-4558 https://nvd.nist.gov/vuln/detail/CVE-2008-4558
OSVDB-63986;CVE-2008-4558;OSVDB-49112 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/6756.txt
OSVDB-63986;CVE-2008-4558;OSVDB-49112 Exploit http://www.coresecurity.com/content/vlc-xspf-memory-corruption
Data source Exploit-DB
Date added Oct. 13, 2008
Description VideoLAN VLC Media Player 0.9.2 Media Player - XSPF Memory Corruption
Ransomware campaign use Known
Source publication date Oct. 14, 2008
Exploit type dos
Platform windows
Source update date Nov. 23, 2016
Source URL http://www.coresecurity.com/content/vlc-xspf-memory-corruption
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-4558
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.94208
EPSS Score 0.15965
Published At April 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.