Vulnerability Description
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Videolan | Vlc Media Player | 2.2.0 |
Related Weaknesses (CWE)
References
- http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsde
- http://www.debian.org/security/2017/dsa-3899
- http://www.securityfocus.com/bid/98638Third Party AdvisoryVDB Entry
- https://security.gentoo.org/glsa/201707-10
- http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsde
- http://www.debian.org/security/2017/dsa-3899
- http://www.securityfocus.com/bid/98638Third Party AdvisoryVDB Entry
- https://security.gentoo.org/glsa/201707-10
FAQ
What is CVE-2017-8310?
CVE-2017-8310 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (c...
How severe is CVE-2017-8310?
CVE-2017-8310 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8310?
Check the references section above for vendor advisories and patch information. Affected products include: Videolan Vlc Media Player.