1
Candidate: CVE-2008-4558
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4558
5
http://www.coresecurity.com/content/vlc-xspf-memory-corruption
7
Array index error in VLC media player 0.9.2 allows remote attackers to
8
overwrite arbitrary memory and execute arbitrary code via an XSPF playlist
9
file with a negative identifier tag, which passes a signed comparison.
12
mdeslaur> PoC: http://www.coresecurity.com/content/vlc-xspf-memory-corruption
19
upstream: http://git.videolan.org/?p=vlc.git;a=commit;h=6d3c22f29e650b0d10b2116fe3145194d20b8b56
20
upstream_vlc: released (0.9.3)
21
dapper_vlc: ignored (reached end-of-life)
22
feisty_vlc: needed (reached end-of-life)
23
gutsy_vlc: needed (reached end-of-life)
24
hardy_vlc: not-affected (code not present)
25
intrepid_vlc: not-affected (0.9.4-1ubuntu3.1)
26
jaunty_vlc: not-affected (0.9.9a-2ubuntu1)
27
karmic_vlc: not-affected (1.0.0~rc2-1ubuntu1)
28
devel_vlc: not-affected (1.0.0~rc2-1ubuntu1)