{"id":"CVE-2017-8310","details":"Heap out-of-bounds read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x, due to a missing check of string termination, allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.","modified":"2026-04-10T04:02:12.910838Z","published":"2017-05-23T21:29:00.180Z","references":[{"type":"WEB","url":"http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201707-10"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3899"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98638"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/videolan/vlc-3.0","events":[{"introduced":"0"},{"last_affected":"ddba52206f69bb123bea8ed4d4ada07b3cb1223c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.2.0"}]}}],"versions":["0.9.0","0.9.0-test0","0.9.0-test1","0.9.0-test2","0.9.0-test3","1.0.0-pre1","1.0.0-pre2","1.0.0-rc1","1.1.0-ff","1.1.0-pre1","1.2.0-pre1","1.3.0-git","2.1.0-git","2.2.0-git","svn-trunk"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8310.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.2.1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.2.2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.2.3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.2.4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.2.5"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}