CVE-2008-5276Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-1895 documents5 sources
Severity
9.3CRITICALNVD
EPSS
5.9%
top 9.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Videolan VLC Media Player
Timeline
PublishedDec 3
Latest updateMay 14

Description

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

Debianvideolan/vlc_media_player< 0.9.8a-1+3
NVDvideolan/vlc_media_player9 versions+8

🔴Vulnerability Details

3
GHSA
GHSA-gj6f-7h35-44xq: Integer overflow in the ReadRealIndex function in real2022-05-14
OSV
CVE-2008-5276: Integer overflow in the ReadRealIndex function in real2008-12-03
CVEList
CVE-2008-5276: Integer overflow in the ReadRealIndex function in real2008-12-03

📋Vendor Advisories

1
Debian
CVE-2008-5276: vlc - Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plu...2008
CVE-2008-5276 — Videolan VLC Media Player vulnerability | cvebase