Vulnerability Name:

CVE-2008-5276 (CCN-46930)

Assigned:2008-11-30
Published:2008-11-30
Updated:2018-10-11
Summary:Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-5276

Source: CONFIRM
Type: Exploit
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d19de4e9f2211cbe5bde00726b66c47a424f4e07

Source: CCN
Type: SA32942
VLC Media Player Real Demuxer Integer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
32942

Source: SECUNIA
Type: UNKNOWN
33315

Source: GENTOO
Type: UNKNOWN
GLSA-200812-24

Source: SREASON
Type: UNKNOWN
4680

Source: CCN
Type: GLSA-200812-24
VLC: Multiple vulnerabilities

Source: OSVDB
Type: UNKNOWN
50333

Source: CCN
Type: OSVDB ID: 50333
VLC Media Player modules/demux/real.c ReadRealIndex() Function Remote Overflow

Source: BUGTRAQ
Type: UNKNOWN
20081130 [TKADV2008-013] VLC media player RealMedia Processing Integer Overflow Vulnerability

Source: BID
Type: UNKNOWN
32545

Source: CCN
Type: BID-32545
VLC Media Player Real demuxer Heap Buffer Overflow Vulnerability

Source: CCN
Type: trapkit.de Web site
TKADV2008-013: VLC media player RealMedia Processing Integer Overflow Vulnerability

Source: MISC
Type: Exploit
http://www.trapkit.de/advisories/TKADV2008-013.txt

Source: CCN
Type: VideoLAN-SA-0811
Buffer overflow in Real demuxer

Source: CONFIRM
Type: Vendor Advisory
http://www.videolan.org/security/sa0811.html

Source: VUPEN
Type: UNKNOWN
ADV-2008-3287

Source: XF
Type: UNKNOWN
vlcmediaplayer-readrealindex-bo(46930)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14793

Vulnerable Configuration:Configuration 1:
  • cpe:/a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.8:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID: oval:org.mitre.oval:def:14793
    Class: V
    Title: Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7
    Last Modified: 2012-11-19