Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5036

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-5036
Last Modified 27 Jan 2012 12:32:21
Published 10 Nov 2008 05:18:34
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5036

Summary

Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.

Vulnerable Systems

Application

  • Videolan Vlc Media Player 0.9

  • Videolan Vlc Media Player 0.9.0

  • Videolan Vlc Media Player 0.9.1

  • Videolan Vlc Media Player 0.9.2

  • Videolan Vlc Media Player 0.9.3

  • Videolan Vlc Media Player 0.9.4

  • Videolan Vlc Media Player 0.9.5


References

XF - vlcmediaplayer-realtext-bo(46376)

CONFIRM - http://www.videolan.org/security/sa0810.html

MISC - http://www.trapkit.de/advisories/TKADV2008-011.txt

BID - 32125

BUGTRAQ - 20081106 [TKADV2008-011] VLC media player RealText Processing Stack Overflow Vulnerability

MLIST - [oss-security] 20081110 Re: CVE id request: vlc

MLIST - [oss-security] 20081105 CVE id request: vlc

MLIST - [oss-security] 20081105 VideoLAN security advisory 0810

MILW0RM - 7051

GENTOO - GLSA-200812-24

SECUNIA - 33315

SECUNIA - 32569

CONFIRM - http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447


Last Updated: 27 May 2016 10:48:41