CVE-2008-5032

Name of the Vulnerable Software and Affected Versions VideoLAN VLC media player versions 0.5.0 through 0.9.5

Description The issue is related to a stack-based buffer overflow that might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file. This is related to the modules/access/vcd/cdrom.c module. The error in the CUE demuxer allows the buffer overflow to occur when a specially crafted CUE file image is used. If successfully exploited, an attacker may be able to execute arbitrary code.

Recommendations For versions 0.5.0 through 0.9.5, consider disabling the CUE demuxer functionality until a patch is available to prevent potential exploitation. Restrict access to the cdrom.c module in the modules/access/vcd directory to minimize the risk of exploitation. Avoid using specially crafted CUE file images in the affected VLC media player versions until the issue is resolved.