CVE-2008-5032
PUBLISHED
CVSS 9.3 CRITICAL
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.
EPSS 18.20% · 95.1th percentile
Risk Scores
- CVSS v2.0: 9.3
- EPSS Score: 18.20% (95.1th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| videolan | vlc_media_player | 0.5.0, 0.5.3, 0.6.2 |
Timeline
- Nov 10, 2008 CVE Published
- Sep 15, 2009 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 28, 2022 EPSS Score
- May 19, 2022 EPSS Score
- Sep 1, 2022 EPSS Score
- Oct 23, 2022 EPSS Score
- Dec 14, 2022 EPSS Score
- Feb 4, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 28, 2023 EPSS Score
- Jul 10, 2023 EPSS Score
References
- [oss-security] 20081105 VideoLAN security advisory 0810 mailing-list
- vlcmediaplayer-cue-bo(46375) vdb
- http://www.videolan.org/security/sa0810.html url
- 20081106 [TKADV2008-012] VLC media player cue Processing Stack Overflow Vulnerability mailing-list
- [oss-security] 20081105 CVE id request: vlc mailing-list
- [oss-security] 20081110 Re: CVE id request: vlc mailing-list
- oval:org.mitre.oval:def:14798 vdb
- 32569 third-party-advisory
- http://www.trapkit.de/advisories/TKADV2008-012.txt url
- 33315 third-party-advisory
- 32125 vdb
- GLSA-200812-24 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-5032 advisory
- http://git.videolan.org/?p=vlc.git;a=commitdiff;h=5f63f1562d43f32331006c2c1a61742de031b84d url