FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vlc -- arbitrary code execution in the RealMedia processor

Affected packages
vlc-devel < 0.9.8a

Details

VuXML ID acf80afa-c3ef-11dd-a721-0030843d3802
Discovery 2008-11-30
Entry 2008-12-06
Modified 2008-12-07

Tobias Klein from TrapKit reports:

The VLC media player contains an integer overflow vulnerability while parsing malformed RealMedia (.rm) files. The vulnerability leads to a heap overflow that can be exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player.

References

Bugtraq ID 32545
CVE Name CVE-2008-5276
URL http://www.trapkit.de/advisories/TKADV2008-013.txt
URL http://www.videolan.org/security/sa0811.html