Heap-based buffer overflow in VLC Media Player - CVE-2017-8311

 


Published: May 24, 2017 / Updated: June 17, 2021


Vulnerability identifier: #VU6673
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2017-8311
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: VideoLAN
Affected software:
VLC Media Player

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code and take over the device.

The weakness exists due to a boundary error in ParseJSS in VideoLAN VLC when processing subtitles. A remote attacker can create a specially crafted subtitle file which, when loaded by the target user in the affected software, leads to arbitrary code execution.

Successful exploitation of the vulnerability may result in full control over the affected PC.


How to mitigate CVE-2017-8311

Update to version 2.2.5.1.
