CVE-2017-8311

HIGH

Videolan Vlc Media Player < 2.2.4 - Memory Corruption

Title source: rule
STIX 2.1

Description

Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.

Exploits (1)

exploitdb WORKING POC
by SivertPL · pythondoswindows
https://www.exploit-db.com/exploits/44514

References (5)

Scores

CVSS v3 7.8
EPSS 0.0705
EPSS Percentile 91.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (2)
VideoLAN/VLC <2.2.5
videolan/vlc_media_player < 2.2.4
Published May 23, 2017
Tracked Since Feb 18, 2026