CVE-2008-5276
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
Related bugs and status
CVE-2008-5276 (Candidate) is related to these bugs:
Bug #275980: vlc is missing RTSP support
Bug | Summary | In | Importance | Status
---|---|---|---|---
275980 | vlc is missing RTSP support | vlc (Ubuntu) | Low | Fix Released
Bug #285922: vlc: buffer overflow in TY demux
Bug | Summary | In | Importance | Status
---|---|---|---|---
285922 | vlc: buffer overflow in TY demux | vlc (Ubuntu) | Undecided | Fix Released
285922 | vlc: buffer overflow in TY demux | vlc (Debian) | Unknown | Fix Released
Bug #289263: New 0.9.5 release, security fixes
Bug | Summary | In | Importance | Status
---|---|---|---|---
289263 | New 0.9.5 release, security fixes | vlc (Ubuntu) | Undecided | Fix Released
Bug #300328: sync/merge vlc 0.9.6 from debian experimental
Bug | Summary | In | Importance | Status
---|---|---|---|---
300328 | sync/merge vlc 0.9.6 from debian experimental | vlc (Ubuntu) | Wishlist | Fix Released
Bug #305100: Security problem with VLC media player (upgrade to version 0.9.8a recommended)
Bug | Summary | In | Importance | Status
---|---|---|---|---
305100 | Security problem with VLC media player (upgrade to version 0.9.8a recommended) | vlc (Ubuntu) | Medium | Fix Released
Bug #305958: CVE-2008-5276 RealMedia Processing Integer Overflow Vulnerability
Bug | Summary | In | Importance | Status
---|---|---|---|---
305958 | CVE-2008-5276 RealMedia Processing Integer Overflow Vulnerability | vlc (Ubuntu) | Undecided | Fix Released
Bug #307239: Please backport vlc to 0.9.8a in Intrepid (important security update)
Bug | Summary | In | Importance | Status
---|---|---|---|---
307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | Intrepid Ibex Backports | Undecided | Invalid
307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | Hardy Backports | Undecided | Invalid
307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | vlc (Ubuntu) | Undecided | Fix Released
307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | vlc (Ubuntu Hardy) | Undecided | Won't Fix
307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | vlc (Ubuntu Intrepid) | Undecided | Invalid
307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | vlc (Ubuntu Jaunty) | Undecided | Fix Released
307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | Karmic Backports | Undecided | Invalid
Bug #313626: Backport 0.9.8a to Intrepid
Bug | Summary | In | Importance | Status
---|---|---|---|---
313626 | Backport 0.9.8a to Intrepid | vlc (Ubuntu) | Undecided | New
See the CVE page on Mitre.org for more details.