VDB
CVE-2008-5036
CVE-2008-5036
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
EPSS 68.72% · 98.6th percentile
Risk Scores
CVSS v2.0
9.300000190734863
EPSS Score
68.72%
98.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| videolan | vlc_media_player | 0.9, 0.9.0, 0.9.1 |
Timeline
- Nov 7, 2008 PoC Published
- Nov 10, 2008 CVE Published
- Mar 2, 2012 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
References
- http://secunia.com/advisories/32569 url
- http://secunia.com/advisories/33315 url
- http://security.gentoo.org/glsa/glsa-200812-24.xml url
- http://www.openwall.com/lists/oss-security/2008/11/05/4 url
- http://www.openwall.com/lists/oss-security/2008/11/05/5 url
- http://www.openwall.com/lists/oss-security/2008/11/10/13 url
- http://www.securityfocus.com/archive/1/498111/100/0/threaded url
- http://www.securityfocus.com/bid/32125 url
- http://www.trapkit.de/advisories/TKADV2008-011.txt url
- http://www.videolan.org/security/sa0810.html url
- http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=e3cef651125701a2e33a8d75b815b3e39681a447 url
- 7051 exploit
- vlcmediaplayer-realtext-bo(46376) vdb
- oval:org.mitre.oval:def:14329 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2008-5036 advisory
- http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447 url