#VU6673 Heap-based buffer overflow in VLC Media Player - CVE-2017-8311

 

Published: May 24, 2017 / Updated: June 17, 2021


Vulnerability identifier: #VU6673
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2017-8311
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: VLC Media Player
Software vendor: VideoLAN

Description

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code and take over the device.

The weakness exists due to a boundary error in ParseJSS in VideoLAN VLC when processing subtitles. A remote attacker can create a specially crafted subtitle file which, when loaded by the target user in the affected software, leads to arbitrary code execution.

Successful exploitation of the vulnerability may result in full control over the affected PC.


Remediation

Update to version 2.2.5.1.
