CVE-2008-5036

Name of the Vulnerable Software and Affected Versions VLC media player versions 0.9.x through 0.9.5

Description The issue is related to a stack-based buffer overflow that might allow attackers to execute arbitrary code via an invalid RealText (rt) subtitle file. This is related to the ParseRealText function in modules/demux/subtitle.c. The vulnerability can be exploited by using a specially crafted RealText file, potentially allowing an attacker to execute arbitrary code.

Recommendations For versions 0.9.x through 0.9.5, update to version 0.9.6 or later to resolve the issue. As a temporary workaround, consider disabling the use of RealText subtitle files until a patch is available.