CVE-2017-8313

Published: May 23, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.

Affected (1)

Products: Videolan: Vlc Media Player

Videolan

1 product

Vlc Media Player

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Videolan Vlc Media Player	Up to 2.2.4

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (8)

http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c

Source: cve@checkpoint.com

http://www.debian.org/security/2017/dsa-3899

Source: cve@checkpoint.com

http://www.securityfocus.com/bid/98633

Source: cve@checkpoint.com

https://security.gentoo.org/glsa/201707-10

Source: cve@checkpoint.com

http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2017/dsa-3899

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/98633

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201707-10

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.