CVE-2008-5276
 
- Severity Score: 9.3 (CVSS v2)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
Integer overflow in the ReadRealIndex function in the file real.c in the Real demuxer plugin in the VideoLAN VLC media player from version 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via malformed RealMedia (.rm) files that trigger a heap-based buffer overflow.
*Credits:
N/A
Timeline
- 2008-11-28 CVE Reserved
- 2008-12-01 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
CWE
- CWE-189: Numeric Errors
References (12)
URL | Tag | Source |
---|---|---|
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07 | X_refsource_confirm | |
http://secunia.com/advisories/33315 | Third Party Advisory | |
http://securityreason.com/securityalert/4680 | Third Party Advisory | |
http://www.osvdb.org/50333 | Vdb Entry | |
http://www.securityfocus.com/archive/1/498768/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/32545 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/3287 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793 | Signature | |

URL | Date | SRC |
---|---|---|
http://www.trapkit.de/advisories/TKADV2008-013.txt | 2024-08-07 | |

URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/32942 | 2023-11-07 | |
http://security.gentoo.org/glsa/glsa-200812-24.xml | 2023-11-07 | |
http://www.videolan.org/security/sa0811.html | 2023-11-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Videolan | Vlc Media Player | 0.9.0 | - | Affected |
Videolan | Vlc Media Player | 0.9.1 | - | Affected |
Videolan | Vlc Media Player | 0.9.2 | - | Affected |
Videolan | Vlc Media Player | 0.9.3 | - | Affected |
Videolan | Vlc Media Player | 0.9.4 | - | Affected |
Videolan | Vlc Media Player | 0.9.5 | - | Affected |
Videolan | Vlc Media Player | 0.9.6 | - | Affected |
Videolan | Vlc Media Player | 0.9.7 | - | Affected |
Videolan | Vlc Media Player | 0.9.8 | - | Affected |