CVE-2008-0296

Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
videolanvlc_media_player
𝑥
≤ 0.8.6d
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vlc
bullseye (security)
3.0.21-0+deb11u1
fixed
bullseye
3.0.21-0+deb11u1
fixed
bookworm
3.0.21-0+deb12u1
fixed
bookworm (security)
3.0.21-0+deb12u1
fixed
sid
3.0.21-2
fixed
trixie
3.0.21-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vlc
karmic
Fixed 0.8.6e-0ubuntu1
released
jaunty
Fixed 0.8.6e-0ubuntu1
released
intrepid
Fixed 0.8.6e-0ubuntu1
released
hardy
Fixed 0.8.6e-0ubuntu1
released
gutsy
ignored
feisty
ignored
edgy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://aluigi.altervista.org/adv/vlcxhof-adv.txt
http://secunia.com/advisories/29284
http://secunia.com/advisories/29766
http://www.debian.org/security/2008/dsa-1543
http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml
http://www.vupen.com/english/advisories/2008/0105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14597
http://aluigi.altervista.org/adv/vlcxhof-adv.txt
http://secunia.com/advisories/29284
http://secunia.com/advisories/29766
http://www.debian.org/security/2008/dsa-1543
http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml
http://www.vupen.com/english/advisories/2008/0105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14597