9.3

CVE-2008-5276

Exploit

EPSS 7.67%
Veröffentlicht 03.12.2008 17:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Videolan ≫ Vlc Media Player Version0.9.0

Videolan ≫ Vlc Media Player Version0.9.1

Videolan ≫ Vlc Media Player Version0.9.2

Videolan ≫ Vlc Media Player Version0.9.3

Videolan ≫ Vlc Media Player Version0.9.4

Videolan ≫ Vlc Media Player Version0.9.5

Videolan ≫ Vlc Media Player Version0.9.6

Videolan ≫ Vlc Media Player Version0.9.7

Videolan ≫ Vlc Media Player Version0.9.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.67%	0.916

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/33315

http://security.gentoo.org/glsa/glsa-200812-24.xml

http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07

http://secunia.com/advisories/32942

Vendor Advisory

http://securityreason.com/securityalert/4680

http://www.osvdb.org/50333

http://www.securityfocus.com/archive/1/498768/100/0/threaded

http://www.securityfocus.com/bid/32545

http://www.trapkit.de/advisories/TKADV2008-013.txt

Exploit

http://www.videolan.org/security/sa0811.html

Vendor Advisory

http://www.vupen.com/english/advisories/2008/3287

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793

https://nvd.nist.gov/vuln/detail/CVE-2008-5276

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-5276

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-5276

EUVD