{"id":"DEBIAN-CVE-2008-4686","details":"Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.","modified":"2025-11-19T02:02:41.564075Z","published":"2008-10-22T18:00:01.177Z","upstream":["CVE-2008-4686"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2008-4686"}],"affected":[{"package":{"name":"vlc","ecosystem":"Debian:11","purl":"pkg:deb/debian/vlc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.6.h-4.1"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2008-4686.json"}},{"package":{"name":"vlc","ecosystem":"Debian:12","purl":"pkg:deb/debian/vlc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.6.h-4.1"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2008-4686.json"}},{"package":{"name":"vlc","ecosystem":"Debian:13","purl":"pkg:deb/debian/vlc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.6.h-4.1"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2008-4686.json"}},{"package":{"name":"vlc","ecosystem":"Debian:14","purl":"pkg:deb/debian/vlc?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.6.h-4.1"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2008-4686.json"}}],"schema_version":"1.7.3"}