CVE-2008-5276

Severity

93%

Complexity

86%

Confidentiality

165%

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

VideoLAN VLC Media Player

First reported 16 years ago

2008-12-03 17:30:00

Last updated 6 years ago

2018-10-11 20:54:00

Affected Software

VideoLAN VLC Media Player 0.9.0

0.9.0

VideoLAN VLC Media Player 0.9.1

0.9.1

VideoLAN VLC Media Player 0.9.2

0.9.2

VideoLAN VLC Media Player 0.9.3

0.9.3

VideoLAN VLC Media Player 0.9.4

0.9.4

VideoLAN VLC Media Player 0.9.5

0.9.5

VideoLAN VLC Media Player 0.9.6

0.9.6

References

http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d19de4e9f2211cbe5bde00726b66c47a424f4e07

Exploit

32942

Vendor Advisory

33315

GLSA-200812-24

4680

50333

20081130 [TKADV2008-013] VLC media player RealMedia Processing Integer Overflow Vulnerability

32545

http://www.trapkit.de/advisories/TKADV2008-013.txt

Exploit

http://www.videolan.org/security/sa0811.html

Vendor Advisory

ADV-2008-3287

oval:org.mitre.oval:def:14793

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.