CVE 2008-5036
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/
Related bugs and status
CVE-2008-5036 (Candidate) is related to these bugs:
Bug #285922: vlc: buffer overflow in TY demux
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 285922 | vlc: buffer overflow in TY demux | vlc (Ubuntu) | Undecided | Fix Released | ||
| 285922 | vlc: buffer overflow in TY demux | vlc (Debian) | Unknown | Fix Released | ||
Bug #295464: VLC media player RealText Processing Stack Overflow
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 295464 | VLC media player RealText Processing Stack Overflow | vlc (Ubuntu) | Undecided | Fix Released | ||
| 295464 | VLC media player RealText Processing Stack Overflow | vlc (Ubuntu Hardy) | Undecided | Won't Fix | ||
Bug #307239: Please backport vlc to 0.9.8a in Intrepid (important security update)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | Intrepid Ibex Backports | Undecided | Invalid | ||
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | Hardy Backports | Undecided | Invalid | ||
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | vlc (Ubuntu) | Undecided | Fix Released | ||
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | vlc (Ubuntu Hardy) | Undecided | Won't Fix | ||
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | vlc (Ubuntu Intrepid) | Undecided | Invalid | ||
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | vlc (Ubuntu Jaunty) | Undecided | Fix Released | ||
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | Karmic Backports | Undecided | Invalid | ||
Bug #313626: Backport 0.9.8a to Intrepid
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 313626 | Backport 0.9.8a to Intrepid | vlc (Ubuntu) | Undecided | New | ||
See the 
CVE page on Mitre.org
for more details.
