CVE DATABASE / CVE-2008-4558
CVE-2008-4558
CVSS 6.8 · MEDIUM
Summary
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
CVSS 2.0 breakdown
| Base score | 6.8 (MEDIUM) |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Attack vector | NETWORK |
| Attack complexity | MEDIUM |
| Confidentiality | PARTIAL |
| Integrity | PARTIAL |
| Availability | PARTIAL |
Weakness type (CWE)
Affected products
Videolan vlc media player
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://secunia.com/advisories/32267
- http://www.coresecurity.com/content/vlc-xspf-memory-corruption
- http://www.exploit-db.com/exploits/6756
- http://www.securityfocus.com/archive/1/497354/100/0/threaded
- http://www.securityfocus.com/bid/31758
- http://www.vupen.com/english/advisories/2008/2826
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45869
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14726
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.