CVE-2008-5276
HIGH severity · CVSS 9.3 · CWE-189
9.3CVSS HIGH
Summary
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
Impact & exploitability
Attack vectorNetwork
Attack complexity—
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)8%
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://secunia.com/advisories/32942Advisory
- http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07
- http://secunia.com/advisories/33315
- http://security.gentoo.org/glsa/glsa-200812-24.xml
- http://securityreason.com/securityalert/4680
- http://www.osvdb.org/50333
- http://www.securityfocus.com/archive/1/498768/100/0/threaded
- http://www.securityfocus.com/bid/32545