Rapid7 Vulnerability & Exploit Database

VideoLAN-SA-0811: Buffer overflow in Real demuxer

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 12/03/2008
Created: 07/25/2018
Added: 01/24/2013
Modified: 05/30/2016

Description

Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

Solution(s)

  • videolan-vlc-upgrade-0_9_8a
