Published: 23/05/2017 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows malicious users to read heap uninitialized data via a crafted subtitles file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
videolan vlc media player
debian debian linux 8.0

Several vulnerabilities have been found in VLC, the VideoLAN project's media player Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code For the oldstable distribution (jessie), these problems have been fixed in version 226-1~deb8u1 We recommend that you upgrade your vlc ...

Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file ...

CWE-125 https://security.gentoo.org/glsa/201707-10 http://www.securityfocus.com/bid/98631 http://www.debian.org/security/2017/dsa-3899 http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9 https://nvd.nist.gov https://www.debian.org/security/./dsa-3899

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-8312

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect