Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5032Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
9.3CRITICALNVD
EPSS
18.2%
top 4.80%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Videolan VLC Media Player
Timeline
PublishedNov 10
Latest updateMay 14

Description

Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

Debianvideolan/vlc_media_player< 0.8.6.h-5+3
NVDvideolan/vlc_media_player31 versions+30

🔴Vulnerability Details

3
GHSA
GHSA-jv67-453q-wxm3: Stack-based buffer overflow in VideoLAN VLC media player 02022-05-14
CVEList
CVE-2008-5032: Stack-based buffer overflow in VideoLAN VLC media player 02008-11-10
OSV
CVE-2008-5032: Stack-based buffer overflow in VideoLAN VLC media player 02008-11-10

💥Exploits & PoCs

1
Exploit-DB
VideoLAN VLC Media Player < 0.9.6 - 'CUE' Local Buffer Overflow (PoC)2009-09-15

📋Vendor Advisories

1
Debian
CVE-2008-5032: vlc - Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 mig...2008
CVE-2008-5032 — Videolan VLC Media Player vulnerability | cvebase