Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2008-5276

Date: December 3, 2008

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

Severity Score

Related Resources (15)

http://security.gentoo.org/glsa/glsa-200812-24.xml
https://people.canonical.com/~ubuntu-security/cve/CVE-2008-5276
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793
http://www.videolan.org/security/sa0811.html
http://secunia.com/advisories/32942
http://secunia.com/advisories/33315
http://www.vupen.com/english/advisories/2008/3287
https://nvd.nist.gov/vuln/detail/CVE-2008-5276
http://www.osvdb.org/50333
http://securityreason.com/securityalert/4680
http://www.trapkit.de/advisories/TKADV2008-013.txt
http://www.securityfocus.com/archive/1/498768/100/0/threaded
http://www.securityfocus.com/bid/32545
https://www.mend.io/vulnerability-database/CVE-2008-5276

Severity Score

Weakness Type (CWE)

Numeric Errors

CWE-189

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us