Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5032

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-5032
Last Modified 27 Jan 2012 12:00:00
Published 10 Nov 2008 11:15:12
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5032

Summary

Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.

Vulnerable Systems

Application

  • Videolan Vlc Media Player 0.5.0

  • Videolan Vlc Media Player 0.5.3

  • Videolan Vlc Media Player 0.6.0

  • Videolan Vlc Media Player 0.6.2

  • Videolan Vlc Media Player 0.7.0

  • Videolan Vlc Media Player 0.7.1

  • Videolan Vlc Media Player 0.7.1a

  • Videolan Vlc Media Player 0.7.2

  • Videolan Vlc Media Player 0.8.0

  • Videolan Vlc Media Player 0.8.1

  • Videolan Vlc Media Player 0.8.2

  • Videolan Vlc Media Player 0.8.4

  • Videolan Vlc Media Player 0.8.4a

  • Videolan Vlc Media Player 0.8.5

  • Videolan Vlc Media Player 0.8.6

  • Videolan Vlc Media Player 0.8.6a

  • Videolan Vlc Media Player 0.8.6b

  • Videolan Vlc Media Player 0.8.6c

  • Videolan Vlc Media Player 0.8.6d

  • Videolan Vlc Media Player 0.8.6e

  • Videolan Vlc Media Player 0.8.6f

  • Videolan Vlc Media Player 0.8.6g

  • Videolan Vlc Media Player 0.8.6h

  • Videolan Vlc Media Player 0.8.6i

  • Videolan Vlc Media Player 0.9

  • Videolan Vlc Media Player 0.9.0

  • Videolan Vlc Media Player 0.9.1

  • Videolan Vlc Media Player 0.9.2

  • Videolan Vlc Media Player 0.9.3

  • Videolan Vlc Media Player 0.9.4

  • Videolan Vlc Media Player 0.9.5


References

XF - vlcmediaplayer-cue-bo(46375)

CONFIRM - http://www.videolan.org/security/sa0810.html

MISC - http://www.trapkit.de/advisories/TKADV2008-012.txt

BID - 32125

BUGTRAQ - 20081106 [TKADV2008-012] VLC media player cue Processing Stack Overflow Vulnerability

MLIST - [oss-security] 20081110 Re: CVE id request: vlc

MLIST - [oss-security] 20081105 CVE id request: vlc

MLIST - [oss-security] 20081105 VideoLAN security advisory 0810

GENTOO - GLSA-200812-24

SECUNIA - 33315

SECUNIA - 32569

CONFIRM - http://git.videolan.org/?p=vlc.git;a=commitdiff;h=5f63f1562d43f32331006c2c1a61742de031b84d


Last Updated: 27 May 2016 10:48:40