CVE-2008-5032

VLC media player 0.5.0-0.9.5 - Stack-based Buffer Overflow via Invalid CUE Image File Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5032. PoCs published by Dr_IDE.

AI-analyzed exploit summary This exploit generates a malformed .CUE file that triggers a buffer overflow in VLC Media Player versions prior to 0.9.6. The PoC creates a file with an overly long string to exploit the vulnerability, potentially leading to arbitrary code execution.

Description

Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dr_IDE · pythondoswindows

https://www.exploit-db.com/exploits/9686

View Code ZIP pw:eip

This exploit generates a malformed .CUE file that triggers a buffer overflow in VLC Media Player versions prior to 0.9.6. The PoC creates a file with an overly long string to exploit the vulnerability, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: VLC Media Player < 0.9.6

No auth needed

Prerequisites: VLC Media Player < 0.9.6 installed on the target system · Ability to deliver the malicious .CUE file to the target

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13

Core References

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2008/11/05/4

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46375

Vendor Advisory x_refsource_confirm

http://www.videolan.org/security/sa0810.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/498112/100/0/threaded

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2008/11/05/5

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2008/11/10/13

Patch x_refsource_confirm

http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=5f63f1562d43f32331006c2c1a61742de031b84d

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14798

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32569

Exploit x_refsource_misc

http://www.trapkit.de/advisories/TKADV2008-012.txt

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33315

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32125

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200812-24.xml

Scores

EPSS 0.1067

EPSS Percentile 95.2%

Details

CWE

CWE-119

Status published

Products (31)

videolan/vlc_media_player 0.5.0

videolan/vlc_media_player 0.5.3

videolan/vlc_media_player 0.6.0

videolan/vlc_media_player 0.6.2

videolan/vlc_media_player 0.7.0

videolan/vlc_media_player 0.7.1

videolan/vlc_media_player 0.7.1a

videolan/vlc_media_player 0.7.2 (3 CPE variants)

videolan/vlc_media_player 0.8.0

videolan/vlc_media_player 0.8.1

... and 21 more

Published Nov 10, 2008

Tracked Since Feb 18, 2026