CVE-2008-5276

Published: Dec 3, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

Affected (9)

Products: Videolan: Vlc Media Player

1 product

Vlc Media Player

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Videolan Vlc Media Player	Version 0.9.0
Videolan Vlc Media Player	Version 0.9.1
Videolan Vlc Media Player	Version 0.9.2
Videolan Vlc Media Player	Version 0.9.3
Videolan Vlc Media Player	Version 0.9.4
Videolan Vlc Media Player	Version 0.9.5
Videolan Vlc Media Player	Version 0.9.6
Videolan Vlc Media Player	Version 0.9.7
Videolan Vlc Media Player	Version 0.9.8

Related CWEs

References (24)

http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07

Source: cve@mitre.org

http://secunia.com/advisories/32942

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/33315

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200812-24.xml

Source: cve@mitre.org

http://securityreason.com/securityalert/4680

Source: cve@mitre.org

http://www.osvdb.org/50333

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/498768/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/32545

Source: cve@mitre.org

http://www.trapkit.de/advisories/TKADV2008-013.txt

Source: cve@mitre.org

Exploit

http://www.videolan.org/security/sa0811.html

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2008/3287

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793

Source: cve@mitre.org

http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32942

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/33315

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200812-24.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/4680

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/50333

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/498768/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/32545

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.trapkit.de/advisories/TKADV2008-013.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.videolan.org/security/sa0811.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2008/3287

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.