FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-5276

This CVE name corresponds to:

Entered Topic
2008-12-06 vlc -- arbitrary code execution in the RealMedia processor

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-5276
Phase Assigned (20081128)

Description

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

References

Source Reference
BUGTRAQ 20081130 [TKADV2008-013] VLC media player RealMedia Processing Integer Overflow Vulnerability
MISC http://www.trapkit.de/advisories/TKADV2008-013.txt
CONFIRM http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d19de4e9f2211cbe5bde00726b66c47a424f4e07
CONFIRM http://www.videolan.org/security/sa0811.html
GENTOO GLSA-200812-24
BID 32545
VUPEN ADV-2008-3287
OSVDB 50333
SECUNIA 32942
SECUNIA 33315
SREASON 4680