CVE-2008-5276
Description
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
Risk Information
Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
5.924
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update VLC Media Player 0.9.7 to latest version | Windows |
| Update VLC Media Player 0.9.7 (x64) to latest version | Windows |
| Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 0.9.2 | Windows |
| Multiple Vulnerabilities are affected in VLC media player (MSI) 0.9.2 | Windows |
| Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 0.9.1 | Windows |
| Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 0.9.3 | Windows |
| Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 0.9.4 | Windows |
| Multiple Vulnerabilities are affected in VLC media player (MSI) 0.9.1 | Windows |
| Multiple Vulnerabilities are affected in VLC media player (MSI) 0.9.3 | Windows |
| Multiple Vulnerabilities are affected in VLC media player (MSI) 0.9.4 | Windows |
| Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 0.9.0 | Windows |
| Multiple Vulnerabilities are affected in VLC media player (MSI) 0.9.0 | Windows |
| Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 0.9.5 | Windows |
| Multiple Vulnerabilities are affected in VLC media player (MSI) 0.9.5 | Windows |
| Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 0.9.6 | Windows |
| Vulnerabilities CVE-2008-5276,CVE-2010-2937,CVE-2012-1775,CVE-2012-1776 are affected in VLC Media Player (MSI) (x64) 0.9.7 | Windows |
| Vulnerabilities CVE-2008-5276,CVE-2012-1775,CVE-2012-1776 are affected in VLC Media Player (MSI) (x64) 0.9.8 | Windows |
| Multiple Vulnerabilities are affected in VLC media player (MSI) 0.9.6 | Windows |
| Vulnerabilities CVE-2008-5276,CVE-2010-2937,CVE-2012-1775,CVE-2012-1776 are affected in VLC media player (MSI) 0.9.7 | Windows |
| Vulnerabilities CVE-2008-5276,CVE-2012-1775,CVE-2012-1776 are affected in VLC media player (MSI) 0.9.8 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-339134 | VLC Media Player (3.0.21) |
| PATCH-339135 | VLC Media Player (X64) (3.0.21) |
| PATCH-334048 | VLC media player (MSI) (x64) (3.0.20.0) |
| PATCH-334050 | VLC media player (MSI) (3.0.20.0) |
| PATCH-334048 | VLC media player (MSI) (x64) (3.0.20.0) |
| PATCH-334048 | VLC media player (MSI) (x64) (3.0.20.0) |
| PATCH-334048 | VLC media player (MSI) (x64) (3.0.20.0) |
| PATCH-334050 | VLC media player (MSI) (3.0.20.0) |
| PATCH-334050 | VLC media player (MSI) (3.0.20.0) |
| PATCH-334050 | VLC media player (MSI) (3.0.20.0) |
| PATCH-334048 | VLC media player (MSI) (x64) (3.0.20.0) |
| PATCH-334050 | VLC media player (MSI) (3.0.20.0) |
| PATCH-334048 | VLC media player (MSI) (x64) (3.0.20.0) |
| PATCH-334050 | VLC media player (MSI) (3.0.20.0) |
| PATCH-334048 | VLC media player (MSI) (x64) (3.0.20.0) |
| PATCH-334048 | VLC media player (MSI) (x64) (3.0.20.0) |
| PATCH-334048 | VLC media player (MSI) (x64) (3.0.20.0) |
| PATCH-334050 | VLC media player (MSI) (3.0.20.0) |
| PATCH-334050 | VLC media player (MSI) (3.0.20.0) |
| PATCH-334050 | VLC media player (MSI) (3.0.20.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234