Vulnerability CVE-2017-8311: Information

Description

Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-8311
Published: May 24, 2017
Modified: Nov. 7, 2023
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
vlcsisyphus3.0.0-alt1.git7b57ce63.0.20-alt1ALT-PU-2017-1685-1183313Fixed
vlcp103.0.0-alt1.git7b57ce63.0.18-alt3ALT-PU-2017-1685-1183313Fixed
vlcp93.0.0-alt1.git7b57ce63.0.16-alt1ALT-PU-2017-1685-1183313Fixed
vlcp82.2.6-alt1.M80P.12.2.6.20170917-alt1.M80P.1ALT-PU-2017-2376-1188934Fixed
vlcc10f13.0.0-alt1.git7b57ce63.0.18-alt3ALT-PU-2017-1685-1183313Fixed
vlcc9f23.0.0-alt1.git7b57ce63.0.11-alt1ALT-PU-2017-1685-1183313Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
GLSA-201707-10
    98634
      DSA-3899
        44514
          http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6

              1. Configuration 1

                cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*
                End including
                2.2.4
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.4.2
            Back to top