Launchpad CVE tracker

CVE 2017-8311

Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.

Related bugs and status

CVE-2017-8311 (Candidate) is related to these bugs:

Bug #1693893: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

		In	Importance	Status
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu)	Undecided	Fix Released
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu Zesty)	Undecided	Fix Released
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu Xenial)	Undecided	Fix Released
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu Artful)	Undecided	Fix Released
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu Trusty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.videolan.or...
GENTOO: GLSA-201707-10
BID: 98634
DEBIAN: DSA-3899
EXPLOIT-DB: 44514

Launchpad.net

CVE 2017-8311

Related bugs and status

Related bugs

References