What is CVE-2008-5036?

CVE-2008-5036 is a vulnerability in N/a. Published 2008-11-10.

Is CVE-2008-5036 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2008-5036

Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux…

EPSS: 0.687 (98.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

[oss-security] 20081105 VideoLAN security advisory 0810 (mailing-list, x_refsource_MLIST)
git.videolan.org/ (x_refsource_CONFIRM)
20081106 [TKADV2008-011] VLC media player RealText Processing Stack Overflow Vulnerability (mailing-list, x_refsource_BUGTRAQ)
www.videolan.org/security/sa0810.html (x_refsource_CONFIRM)
7051 (exploit, x_refsource_EXPLOIT-DB)
vlcmediaplayer-realtext-bo(46376) (vdb-entry, x_refsource_XF)
www.trapkit.de/advisories/TKADV2008-011.txt (x_refsource_MISC)
[oss-security] 20081105 CVE id request: vlc (mailing-list, x_refsource_MLIST)
[oss-security] 20081110 Re: CVE id request: vlc (mailing-list, x_refsource_MLIST)
32569 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2008-5036?: CVE-2008-5036 is a vulnerability in N/a. Published 2008-11-10.
Is CVE-2008-5036 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.