Main Vulnerability Database Exploits ID:2688 - Exploit for Out-of-bounds read in VLC Media Player - CVE-2017-8312

ID:2688 - Exploit for Out-of-bounds read in VLC Media Player - CVE-2017-8312

Published: May 18, 2020

Vulnerability identifier: #VU6888

Vulnerability risk: Low

CVE-ID: CVE-2017-8312

CWE-ID: CWE-125

Exploitation vector: Remote access

Vulnerable software:
VLC Media Player

Link to public exploit:

https://cpr-zero.checkpoint.com/vulns/cprid-1006/

Vulnerability description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to boundary error in ParseJSS in VideoLAN VLC, when processing subtitles. A remote unauthenticated attacker can create a specially crafted subtitle, trick the victim into loading it and trigger application crash via out-of-bounds read.

Remediation

Update to version 2.2.5.1.

ID:2688 - Exploit for Out-of-bounds read in VLC Media Player - CVE-2017-8312

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human