CVE-2008-5032
vlc - buffer overflows
EPSS 18.2%
Description
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.
How to fix CVE-2008-5032
To remediate CVE-2008-5032, upgrade the affected package to one of the fixed versions listed below.
- Debian/vlc: upgrade to 0.8.6.h-5 or later
- Debian/vlc: upgrade to 0.8.6.h-4+lenny2 or later
Is CVE-2008-5032 being exploited?
Moderate: EPSS is 18.2%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 0.8.6.h-5
- from 0, < 0.8.6.h-4+lenny2