Vulnerability Description
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Videolan | Vlc Media Player | 0.9.0 |
Related Weaknesses (CWE)
References
- http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b
- http://secunia.com/advisories/32942Vendor Advisory
- http://secunia.com/advisories/33315
- http://security.gentoo.org/glsa/glsa-200812-24.xml
- http://securityreason.com/securityalert/4680
- http://www.osvdb.org/50333
- http://www.securityfocus.com/archive/1/498768/100/0/threaded
- http://www.securityfocus.com/bid/32545
- http://www.trapkit.de/advisories/TKADV2008-013.txtExploit
- http://www.videolan.org/security/sa0811.htmlVendor Advisory
- http://www.vupen.com/english/advisories/2008/3287
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b
- http://secunia.com/advisories/32942Vendor Advisory
- http://secunia.com/advisories/33315
FAQ
What is CVE-2008-5276?
CVE-2008-5276 is a vulnerability with a CVSS score of 9.3 (HIGH). Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed R...
How severe is CVE-2008-5276?
CVE-2008-5276 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5276?
Check the references section above for vendor advisories and patch information. Affected products include: Videolan Vlc Media Player.