CVE-2008-5032
Published: 10 November 2008
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.
Priority
Status
Package | Release | Status |
---|---|---|
vlc Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.3)
|
|
intrepid |
Released
(0.9.4-1ubuntu3.1)
|
|
jaunty |
Not vulnerable
(0.9.8a-1ubuntu3)
|
|
karmic |
Not vulnerable
(0.9.8a-1ubuntu3)
|
|
upstream |
Released
(0.9.8a-1)
|
|
Patches: upstream: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=5f63f1562d43f32331006c2c1a61742de031b84d |