CVE-2017-8311

Priority
Description
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before
2.2.5 due to skipping NULL terminator in an input string allows attackers
to execute arbitrary code via a crafted subtitles file.
Notes
Package
Source: vlc (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [2.1.6-0ubuntu14.04.3])
Ubuntu 16.04 LTS (Xenial Xerus):released (2.2.2-5ubuntu0.16.04.3)
Patches:
Upstream:http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6
More Information

Updated: 2020-01-29 20:00:02 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)