Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DSA-3899-1 | vlc security update |
![]() |
EUVD-2017-17272 | Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: checkpoint
Published:
Updated: 2024-08-05T16:34:22.584Z
Reserved: 2017-04-28T00:00:00
Link: CVE-2017-8311

No data.

Status : Deferred
Published: 2017-05-23T21:29:00.227
Modified: 2025-04-20T01:37:25.860
Link: CVE-2017-8311

No data.

No data.