CVE-2008-5276

N/A Unknown

Published: December 03, 2008 Modified: April 23, 2026

Description

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07

Source: cve@mitre.org

http://secunia.com/advisories/32942

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/33315

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200812-24.xml

Source: cve@mitre.org

http://securityreason.com/securityalert/4680

Source: cve@mitre.org

http://www.osvdb.org/50333

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/498768/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/32545

Source: cve@mitre.org

http://www.trapkit.de/advisories/TKADV2008-013.txt

Source: cve@mitre.org

Exploit

http://www.videolan.org/security/sa0811.html

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2008/3287

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793

Source: cve@mitre.org

http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32942

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/33315

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200812-24.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/4680

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/50333

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/498768/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/32545

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.trapkit.de/advisories/TKADV2008-013.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.videolan.org/security/sa0811.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2008/3287

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793

Source: af854a3a-2127-422b-91ae-364da2661108

24 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

5.9%

91th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-189

Affected Vendors

videolan

Related CVEs

CVE-2026-41044 N/A

CVE-2026-41043 N/A

CVE-2026-40466 N/A

CVE-2025-62233 N/A

CVE-2026-6272 N/A