CVE-2008-5276
Published: 3 December 2008
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
Priority
Status
Package | Release | Status |
---|---|---|
vlc Launchpad, Ubuntu, Debian |
upstream |
Released
(0.9.8)
|
dapper |
Not vulnerable
(code not present)
|
|
gutsy |
Not vulnerable
(code not present)
|
|
hardy |
Not vulnerable
(code not present)
|
|
intrepid |
Released
(0.9.4-1ubuntu3.2)
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
Patches: upstream: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d19de4e9f2211cbe5bde00726b66c47a424f4e07 |