CVE-2008-5276

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-5276
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07
http://secunia.com/advisories/32942 Vendor Advisory
http://secunia.com/advisories/33315
http://security.gentoo.org/glsa/glsa-200812-24.xml
http://securityreason.com/securityalert/4680
http://www.osvdb.org/50333
http://www.securityfocus.com/archive/1/498768/100/0/threaded
http://www.securityfocus.com/bid/32545
http://www.trapkit.de/advisories/TKADV2008-013.txt Exploit
http://www.videolan.org/security/sa0811.html Vendor Advisory
http://www.vupen.com/english/advisories/2008/3287
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07
http://secunia.com/advisories/32942 Vendor Advisory
http://secunia.com/advisories/33315
http://security.gentoo.org/glsa/glsa-200812-24.xml
http://securityreason.com/securityalert/4680
http://www.osvdb.org/50333
http://www.securityfocus.com/archive/1/498768/100/0/threaded
http://www.securityfocus.com/bid/32545
http://www.trapkit.de/advisories/TKADV2008-013.txt Exploit
http://www.videolan.org/security/sa0811.html Vendor Advisory
http://www.vupen.com/english/advisories/2008/3287
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.9.8:*:*:*:*:*:*:*
History

No history.

Information

Published : 2008-12-03 17:30

Updated : 2025-04-09 00:30

NVD link : CVE-2008-5276

Mitre link : CVE-2008-5276

CVE.ORG link : CVE-2008-5276

JSON object : View

Products Affected

videolan

  • vlc_media_player
CWE
CWE-189

Numeric Errors