Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0296Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
10.0CRITICALNVD
EPSS
11.6%
top 6.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Videolan VLC Media Player
Timeline
PublishedJan 16
Latest updateMay 1

Description

Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

Debianvideolan/vlc_media_player< 0.8.6.c-6+3

🔴Vulnerability Details

3
GHSA
GHSA-78hh-hfqx-jx57: Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 02022-05-01
CVEList
CVE-2008-0296: Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 02008-01-16
OSV
CVE-2008-0296: Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 02008-01-16

💥Exploits & PoCs

1
Exploit-DB
Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow2008-04-25

📋Vendor Advisories

1
Debian
CVE-2008-0296: vlc - Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Medi...2008
CVE-2008-0296 — Videolan VLC Media Player vulnerability | cvebase