CVE-2008-5036

Description

Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.

How to fix CVE-2008-5036

To remediate CVE-2008-5036, upgrade the affected package to a fixed version below.

• Debian/vlc—upgrade to 1.0.3-1 or later

Is CVE-2008-5036 being exploited?

Likely — EPSS is 68.7%, placing CVE-2008-5036 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

• from 0, < 1.0.3-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-5036