What is CVE-2017-8311?

CVE-2017-8311 is a high-severity vulnerability in Videolan Vlc, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2017-05-23.

How severe is CVE-2017-8311?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2017-8311 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Videolan Vlc

CVE-2017-8311

Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.

Vulnerability class: Buffer Overflow

EPSS: 0.071 (91.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Videolan Vlc — versions <2.2.5
Videolan Vlc_media_player

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

cve@checkpoint.com (vendor-advisory, x_refsource_GENTOO)
cve@checkpoint.com (exploit, x_refsource_EXPLOIT-DB)
cve@checkpoint.com (vdb-entry, x_refsource_BID)
cve@checkpoint.com (x_refsource_CONFIRM)
cve@checkpoint.com (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2017-8311?: CVE-2017-8311 is a high-severity vulnerability in Videolan Vlc, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2017-05-23.
How severe is CVE-2017-8311?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2017-8311 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.