FreeBSD Ports: Vlc-devel Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.trapkit.de/advisories/TKADV2008-013.txt http://www.videolan.org/security/sa0811.html http://www.vuxml.org/freebsd/acf80afa-c3ef-11dd-a721-0030843d3802.html

Insight

The following package is affected: vlc-devel CVE-2008-5276 Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

Severity

Classification

CVE CVE-2008-5276
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

FreeBSD Ports: apr
FreeBSD Ports: bogofilter
FreeBSD Ports: chromium
FreeBSD Ports: chromium
FreeBSD Ports: cacti

FreeBSD Ports: vlc-devel

Take action and discover your vulnerabilities