CVE-2008-5036 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Videolan	Vlc Media Player

Configuration 1 [-]

OR	cpe:2.3:a:videolan:vlc_media_player:0.9:::::::*
	cpe:2.3:a:videolan:vlc_media_player:0.9.0:::::::*
	cpe:2.3:a:videolan:vlc_media_player:0.9.1:::::::*
	cpe:2.3:a:videolan:vlc_media_player:0.9.2:::::::*
	cpe:2.3:a:videolan:vlc_media_player:0.9.3:::::::*
	cpe:2.3:a:videolan:vlc_media_player:0.9.4:::::::*
	cpe:2.3:a:videolan:vlc_media_player:0.9.5:::::::*

No data.

References

Link	Providers
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=e3cef651125701a2e33a8d75b815b3e39681a447
http://secunia.com/advisories/32569
http://secunia.com/advisories/33315
http://security.gentoo.org/glsa/glsa-200812-24.xml
http://www.openwall.com/lists/oss-security/2008/11/05/4
http://www.openwall.com/lists/oss-security/2008/11/05/5
http://www.openwall.com/lists/oss-security/2008/11/10/13
http://www.securityfocus.com/archive/1/498111/100/0/threaded
http://www.securityfocus.com/bid/32125
http://www.trapkit.de/advisories/TKADV2008-011.txt
http://www.videolan.org/security/sa0810.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/46376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329
https://www.exploit-db.com/exploits/7051

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-10T22:00:00

Updated: 2024-08-07T10:40:17.328Z

Reserved: 2008-11-10T00:00:00

Link: CVE-2008-5036

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-11-10T22:18:34.490

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5036

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20081105 VideoLAN security advisory 0810", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=e3cef651125701a2e33a8d75b815b3e39681a447"}, {"name": "20081106 [TKADV2008-011] VLC media player RealText Processing Stack Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/498111/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.videolan.org/security/sa0810.html"}, {"name": "7051", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7051"}, {"name": "vlcmediaplayer-realtext-bo(46376)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46376"}, {"tags": ["x_refsource_MISC"], "url": "http://www.trapkit.de/advisories/TKADV2008-011.txt"}, {"name": "[oss-security] 20081105 CVE id request: vlc", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5"}, {"name": "[oss-security] 20081110 Re: CVE id request: vlc", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13"}, {"name": "32569", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32569"}, {"name": "33315", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33315"}, {"name": "oval:org.mitre.oval:def:14329", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329"}, {"name": "32125", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32125"}, {"name": "GLSA-200812-24", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5036", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20081105 VideoLAN security advisory 0810", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4"}, {"name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447"}, {"name": "20081106 [TKADV2008-011] VLC media player RealText Processing Stack Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498111/100/0/threaded"}, {"name": "http://www.videolan.org/security/sa0810.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0810.html"}, {"name": "7051", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7051"}, {"name": "vlcmediaplayer-realtext-bo(46376)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46376"}, {"name": "http://www.trapkit.de/advisories/TKADV2008-011.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2008-011.txt"}, {"name": "[oss-security] 20081105 CVE id request: vlc", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5"}, {"name": "[oss-security] 20081110 Re: CVE id request: vlc", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13"}, {"name": "32569", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32569"}, {"name": "33315", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33315"}, {"name": "oval:org.mitre.oval:def:14329", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329"}, {"name": "32125", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32125"}, {"name": "GLSA-200812-24", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:40:17.328Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20081105 VideoLAN security advisory 0810", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=e3cef651125701a2e33a8d75b815b3e39681a447"}, {"name": "20081106 [TKADV2008-011] VLC media player RealText Processing Stack Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/498111/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.videolan.org/security/sa0810.html"}, {"name": "7051", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7051"}, {"name": "vlcmediaplayer-realtext-bo(46376)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46376"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.trapkit.de/advisories/TKADV2008-011.txt"}, {"name": "[oss-security] 20081105 CVE id request: vlc", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5"}, {"name": "[oss-security] 20081110 Re: CVE id request: vlc", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13"}, {"name": "32569", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32569"}, {"name": "33315", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33315"}, {"name": "oval:org.mitre.oval:def:14329", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329"}, {"name": "32125", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32125"}, {"name": "GLSA-200812-24", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5036", "datePublished": "2008-11-10T22:00:00", "dateReserved": "2008-11-10T00:00:00", "dateUpdated": "2024-08-07T10:40:17.328Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2989A186-A580-47FE-A8B0-87FD0861D325", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en VideoLAN VLC media player v0.9.x anteriores a v0.9.6 permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero de subt\u00edtulo de RealText (rt), relativo a la funci\u00f3n ParseRealText en /modules/demux/subtitle.c. NOTA: Este problema es una parte de CVE-2008-5032 en 20081110."}], "id": "CVE-2008-5036", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-11-10T22:18:34.490", "references": [{"source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=e3cef651125701a2e33a8d75b815b3e39681a447"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32569"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33315"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/498111/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32125"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.trapkit.de/advisories/TKADV2008-011.txt"}, {"source": "cve@mitre.org", "url": "http://www.videolan.org/security/sa0810.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46376"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7051"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=e3cef651125701a2e33a8d75b815b3e39681a447"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32569"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/498111/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32125"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.trapkit.de/advisories/TKADV2008-011.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/security/sa0810.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46376"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/7051"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}