CVE-2017-8310

Priority
Description
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to
missing check of string termination allows attackers to read data beyond
allocated memory and potentially crash the process (causing a denial of
service) via a crafted subtitles file.
Notes
Package
Source: vlc (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [2.1.6-0ubuntu14.04.3])
Ubuntu 16.04 LTS (Xenial Xerus): released (2.2.2-5ubuntu0.16.04.3)
Patches:
Upstream: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328
More Information

Updated: 2020-07-28 20:02:50 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)