CVE - CVE-2008-5036

CVE-ID
CVE-2008-5036	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:32125 URL:http://www.securityfocus.com/bid/32125 BUGTRAQ:20081106 [TKADV2008-011] VLC media player RealText Processing Stack Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/498111/100/0/threaded CONFIRM:http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447 CONFIRM:http://www.videolan.org/security/sa0810.html EXPLOIT-DB:7051 URL:https://www.exploit-db.com/exploits/7051 GENTOO:GLSA-200812-24 URL:http://security.gentoo.org/glsa/glsa-200812-24.xml MISC:http://www.trapkit.de/advisories/TKADV2008-011.txt MLIST:[oss-security] 20081105 CVE id request: vlc URL:http://www.openwall.com/lists/oss-security/2008/11/05/5 MLIST:[oss-security] 20081105 VideoLAN security advisory 0810 URL:http://www.openwall.com/lists/oss-security/2008/11/05/4 MLIST:[oss-security] 20081110 Re: CVE id request: vlc URL:http://www.openwall.com/lists/oss-security/2008/11/10/13 OVAL:oval:org.mitre.oval:def:14329 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329 SECUNIA:32569 URL:http://secunia.com/advisories/32569 SECUNIA:33315 URL:http://secunia.com/advisories/33315 XF:vlcmediaplayer-realtext-bo(46376) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46376
Assigning CNA
MITRE Corporation
Date Record Created
20081110	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20081110)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)