CVE-2008-5276

high

Description

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793

http://www.vupen.com/english/advisories/2008/3287

http://www.videolan.org/security/sa0811.html

http://www.securityfocus.com/bid/32545

http://www.securityfocus.com/archive/1/498768/100/0/threaded

http://www.osvdb.org/50333

http://securityreason.com/securityalert/4680

http://security.gentoo.org/glsa/glsa-200812-24.xml

http://secunia.com/advisories/33315

http://secunia.com/advisories/32942

http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07

Details

Source: Mitre, NVD

Published: 2008-12-03

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High