Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 249391 (CVE-2008-5276) - <media-video/vlc-0.9.8a: Buffer overflow in Real demuxer (CVE-2008-5276)
Summary: <media-video/vlc-0.9.8a: Buffer overflow in Real demuxer (CVE-2008-5276)
Alias: CVE-2008-5276
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2008-11-30 14:57 UTC by Alexis Ballier
Modified: 2008-12-25 01:17 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alexis Ballier gentoo-dev 2008-11-30 14:57:30 UTC


When parsing the header of an invalid Real Media file an integer overflow might occur then trigger a stack-based buffer overflows.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-30 18:06:26 UTC
Adding "corresponding evaluation" to whiteboard, adding herd (
Comment 2 Alexis Ballier gentoo-dev 2008-12-08 09:11:00 UTC
0.9.8a is in the tree btw
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2008-12-09 22:34:09 UTC
Arches, please test and mark stable:
Target keywords : "alpha amd64 ppc sparc x86"

Comment 4 Markus Meier gentoo-dev 2008-12-10 22:02:04 UTC
amd64/x86 stable
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2008-12-13 13:46:55 UTC
ppc stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2008-12-13 19:17:33 UTC
stable on alpha
Comment 7 Friedrich Oslage (RETIRED) gentoo-dev 2008-12-13 21:09:20 UTC
sparc stable
Comment 8 Tobias Heinlein (RETIRED) gentoo-dev 2008-12-15 14:04:59 UTC
GLSA request filed.
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2008-12-25 01:17:06 UTC
GLSA 200812-24, thanks everyone.