CVE-2017-8310

Published: 23 May 2017

Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
vlc Launchpad, Ubuntu, Debian	Upstream	Needs triage





	Ubuntu 16.04 ESM (Xenial Xerus)	Released (2.2.2-5ubuntu0.16.04.3)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was released [2.1.6-0ubuntu14.04.3])
	Patches: Upstream: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8310
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2017-8310

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading