PT-2008-1141 · VideoLAN · VLC Media Player
Published: 2008-11-14 · Updated: 2018-10-11
CVE-2008-5276
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
VideoLAN VLC media player versions 0.9.0 through 0.9.7
Description
The issue is caused by an integer overflow in the ReadRealIndex function in the Real demuxer plugin, which can trigger a heap-based buffer overflow. This allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file.
Recommendations
For versions 0.9.0 through 0.9.7, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider avoiding the use of the Real demuxer plugin or restricting access to .rm files until a patch is available.
Exploit · Fix · RCE
Affected Products
VLC Media Player