Published: 23/05/2017 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Potential heap based buffer overflow in ParseJSS in VideoLAN VLC prior to 2.2.5 due to skipping NULL terminator in an input string allows malicious users to execute arbitrary code via a crafted subtitles file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
videolan vlc media player

Several vulnerabilities have been found in VLC, the VideoLAN project's media player Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code For the oldstable distribution (jessie), these problems have been fixed in version 226-1~deb8u1 We recommend that you upgrade your vlc ...

Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 225 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file ...

""" VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 225 Memory Corruption (PoC) Author: SivertPL (kroppoloe@protonmailch) CVE: CVE-2017-8311 Infamous VLC/Kodi/PopcornTime subtitle attack in libsubtitle_plugindll This is the Proof of Concept of the reverse engineered heap corruption vulnerability affecting JacoSUB parsing in VLC/Kodi/Popc ...

VLC Media Player/Kodi/PopcornTime versions prior to 225 Red Chimera memory corruption proof of concept exploit ...

CWE-119 https://security.gentoo.org/glsa/201707-10 http://www.securityfocus.com/bid/98634 http://www.debian.org/security/2017/dsa-3899 https://www.exploit-db.com/exploits/44514/http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6 https://nvd.nist.gov https://www.debian.org/security/./dsa-3899 https://www.exploit-db.com/exploits/44514/

CVE-2017-8311

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect