CVE-2008-3794

Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.
Configurations

Configuration 1

cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*

Information

Published : 2008-08-26 03:41

Updated : 2017-09-29 01:31


NVD link : CVE-2008-3794

Mitre link : CVE-2008-3794

Products Affected
No products.
CWE