CVE-2008-5276

Publication date 3 December 2008

Last updated 24 July 2024

Ubuntu priority

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
vlc	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 0.9.4-1ubuntu3.2
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
vlc	Upstream: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d19de4e9f2211cbe5bde00726b66c47a424f4e07

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2008-5276