CVE-2008-5036
Published: 10 November 2008
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
Priority
Status
Package | Release | Status |
---|---|---|
vlc | dapper | Not vulnerable (code not present) |
vlc | gutsy | Ignored (end of life, was needed) |
vlc | hardy | Not vulnerable (code not present) |
vlc | intrepid | Released (0.9.4-1ubuntu3.2) |
vlc | jaunty | Not vulnerable (0.9.8a-1ubuntu1) |
vlc | upstream | Released (0.9.6) |

Patches: upstream: http://git.videolan.org/?p=vlc.git;a=commit;h=4909d939d435d7930f0e05e8b308d735950368f8