{"id":"CVE-2017-8311","details":"A potential heap-based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5, caused by skipping the NULL terminator in an input string, allows attackers to execute arbitrary code via a crafted subtitles file.","modified":"2026-03-15T22:24:44.999542Z","published":"2017-05-23T21:29:00.227Z","references":[{"type":"WEB","url":"https://www.exploit-db.com/exploits/44514/"},{"type":"WEB","url":"http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6"},{"type":"WEB","url":"http://www.securityfocus.com/bid/98634"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201707-10"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3899"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.2.4"}]},{"events":[{"introduced":"0"},{"fixed":"2.2.5"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8311.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}