cbcvebase.
CVE-2017-8311
published 2017-05-23

CVE-2017-8311: Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute…

PriorityP347high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
8.77%
94.5th percentile
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianvlc< vlc 2.2.5-1 (bookworm)vlc 2.2.5-1 (bookworm)
videolanvlc
videolanvlc_media_player<= 2.2.4
videolanvlc_media_player>= 0 < 2.2.5-12.2.5-1
videolanvlc_media_player>= 0 < 2.2.5-12.2.5-1
videolanvlc_media_player>= 0 < 2.2.5-12.2.5-1
videolanvlc_media_player>= 0 < 2.2.5-12.2.5-1

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_debian7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.