Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5036Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
9.3CRITICALNVD
EPSS
66.5%
top 1.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Videolan VLC Media Player
Timeline
PublishedNov 10
Latest updateMay 14

Description

Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

Debianvideolan/vlc_media_player< 1.0.3-1+3
NVDvideolan/vlc_media_player7 versions+6

🔴Vulnerability Details

3
GHSA
GHSA-qr75-p27m-crxr: Stack-based buffer overflow in VideoLAN VLC media player 02022-05-14
OSV
CVE-2008-5036: Stack-based buffer overflow in VideoLAN VLC media player 02008-11-10
CVEList
CVE-2008-5036: Stack-based buffer overflow in VideoLAN VLC media player 02008-11-10

💥Exploits & PoCs

2
Exploit-DB
VideoLAN VLC Media Player 0.9.5 - RealText Subtitle Overflow (Metasploit)2012-03-02
Exploit-DB
VideoLAN VLC Media Player < 0.9.6 - '.rt' Local Stack Buffer Overflow2008-11-07

📋Vendor Advisories

1
Debian
CVE-2008-5036: vlc - Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 migh...2008
CVE-2008-5036 — Videolan VLC Media Player vulnerability | cvebase