Vulnerability CVE-2017-8311: Information
Description
Potential heap-based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5, caused by skipping the NULL terminator in an input string, allows attackers to execute arbitrary code via a crafted subtitles file.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
vlc | sisyphus | 3.0.0-alt1.git7b57ce6 | 3.0.20-alt1 | ALT-PU-2017-1685-1 | 183313 | Fixed |
vlc | p10 | 3.0.0-alt1.git7b57ce6 | 3.0.18-alt3 | ALT-PU-2017-1685-1 | 183313 | Fixed |
vlc | p9 | 3.0.0-alt1.git7b57ce6 | 3.0.16-alt1 | ALT-PU-2017-1685-1 | 183313 | Fixed |
vlc | p8 | 2.2.6-alt1.M80P.1 | 2.2.6.20170917-alt1.M80P.1 | ALT-PU-2017-2376-1 | 188934 | Fixed |
vlc | c10f1 | 3.0.0-alt1.git7b57ce6 | 3.0.18-alt3 | ALT-PU-2017-1685-1 | 183313 | Fixed |
vlc | c9f2 | 3.0.0-alt1.git7b57ce6 | 3.0.11-alt1 | ALT-PU-2017-1685-1 | 183313 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
GLSA-201707-10 | |
98634 | |
DSA-3899 | |
44514 | |
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6 | |