CVE - CVE-2008-5032

CVE-ID
CVE-2008-5032	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:32125 URL:http://www.securityfocus.com/bid/32125 BUGTRAQ:20081106 [TKADV2008-012] VLC media player cue Processing Stack Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/498112/100/0/threaded CONFIRM:http://git.videolan.org/?p=vlc.git;a=commitdiff;h=5f63f1562d43f32331006c2c1a61742de031b84d CONFIRM:http://www.videolan.org/security/sa0810.html GENTOO:GLSA-200812-24 URL:http://security.gentoo.org/glsa/glsa-200812-24.xml MISC:http://www.trapkit.de/advisories/TKADV2008-012.txt MLIST:[oss-security] 20081105 CVE id request: vlc URL:http://www.openwall.com/lists/oss-security/2008/11/05/5 MLIST:[oss-security] 20081105 VideoLAN security advisory 0810 URL:http://www.openwall.com/lists/oss-security/2008/11/05/4 MLIST:[oss-security] 20081110 Re: CVE id request: vlc URL:http://www.openwall.com/lists/oss-security/2008/11/10/13 OVAL:oval:org.mitre.oval:def:14798 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14798 SECUNIA:32569 URL:http://secunia.com/advisories/32569 SECUNIA:33315 URL:http://secunia.com/advisories/33315 XF:vlcmediaplayer-cue-bo(46375) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46375
Assigning CNA
MITRE Corporation
Date Record Created
20081110	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20081110)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)