Launchpad.net

CVE 2017-8310

Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.

Related bugs and status

CVE-2017-8310 (Candidate) is related to these bugs:

Bug #1693893: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

		In	Importance	Status
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu)	Undecided	Fix Released
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu Zesty)	Undecided	Fix Released
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu Xenial)	Undecided	Fix Released
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu Artful)	Undecided	Fix Released
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu Trusty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.videolan.or...
BID: 98638
GENTOO: GLSA-201707-10
DEBIAN: DSA-3899