CVE-2017-8311

high

Description

Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.

References

https://security.gentoo.org/glsa/201707-10

http://www.debian.org/security/2017/dsa-3899

https://www.exploit-db.com/exploits/44514/

http://www.securityfocus.com/bid/98634

http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6

Details

Source: Mitre, NVD

Published: 2017-05-23

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.09341

Detections

Analytics