[vlc] integer overflow leading to heap overflow in vlc 0.8.6e (mp4 demuxer)

Steven M. Christey coley at linus.mitre.org
Tue Mar 25 00:05:09 CET 2008


======================================================
Name: CVE-2008-1489
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1489
Reference: CONFIRM:http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC
0.8.6e allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a crafted MP4 RDRF box that
triggers a heap-based buffer overflow, a different vulnerability than
CVE-2008-0984.
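
Added illustration, not part of the original message and not VLC's libmp4.c code: the bug class the advisory names, where a 32-bit length read from the file is used in a size computation that wraps, shown beside a reader that bounds the length first. The field layout (4-byte big-endian length followed by that many bytes) and the names unchecked_alloc_size and read_len_prefixed are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read a 32-bit big-endian integer from an untrusted buffer. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The failure mode: "length + 1" done in 32 bits wraps to 0 for 0xFFFFFFFF,
 * so an allocation sized this way is far smaller than the later copy. */
uint32_t unchecked_alloc_size(uint32_t len)
{
    return len + 1u;
}

/* Hardened reader for the assumed layout [len:4 BE][len bytes].
 * Returns a NUL-terminated heap copy, or NULL if the field is malformed. */
char *read_len_prefixed(const uint8_t *payload, size_t avail)
{
    if (payload == NULL || avail < 4)
        return NULL;
    uint32_t len = be32(payload);
    size_t remaining = avail - 4;
    /* Reject lengths larger than the bytes actually present. Because
     * len <= remaining < SIZE_MAX, (size_t)len + 1 below cannot wrap. */
    if (len > remaining)
        return NULL;
    char *out = malloc((size_t)len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, payload + 4, len);
    out[len] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample inputs. */
    const uint8_t good[] = { 0, 0, 0, 3, 'a', 'b', 'c' };
    const uint8_t wrap[] = { 0xff, 0xff, 0xff, 0xff, 'a' };
    char *s = read_len_prefixed(good, sizeof good);
    printf("good: %s\n", s ? s : "(rejected)");
    free(s);
    printf("wrap: %s\n", read_len_prefixed(wrap, sizeof wrap) ? "accepted" : "rejected");
    printf("unchecked size for 0xFFFFFFFF: %u\n", (unsigned)unchecked_alloc_size(0xFFFFFFFFu));
    return 0;
}
```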




