CVE-2017-8310
First published: Tue May 23 2017(Updated: )
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
Credit: cve@checkpoint.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VideoLAN VLC media player | =2.2.0 | |
| VideoLAN VLC media player | =2.2.1 | |
| VideoLAN VLC media player | =2.2.2 | |
| VideoLAN VLC media player | =2.2.3 | |
| VideoLAN VLC media player | =2.2.4 | |
| VideoLAN VLC media player | =2.2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29
- http://www.debian.org/security/2017/dsa-3899
- http://www.securityfocus.com/bid/98638
- https://security.gentoo.org/glsa/201707-10
- http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29
Frequently Asked Questions
What is the severity of CVE-2017-8310?
CVE-2017-8310 has a moderate severity level due to the potential for denial of service caused by a heap out-of-bound read.
Which versions of VLC media player are affected by CVE-2017-8310?
CVE-2017-8310 affects VLC media player versions 2.2.0 through 2.2.5.
How do I fix CVE-2017-8310?
To fix CVE-2017-8310, upgrade to a newer version of VLC media player that addresses this vulnerability.
What types of attacks are possible with CVE-2017-8310?
CVE-2017-8310 allows attackers to read data beyond allocated memory, potentially leading to a process crash.
What component of VLC is impacted by CVE-2017-8310?
CVE-2017-8310 impacts the CreateHtmlSubtitle function in VLC's subtitle processing.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/videolan
- canonical/videolan vlc media player
- version/videolan vlc media player/2.2.0
- version/videolan vlc media player/2.2.1
- version/videolan vlc media player/2.2.2
- version/videolan vlc media player/2.2.3
- version/videolan vlc media player/2.2.4
- version/videolan vlc media player/2.2.5