{"id":"CVE-2017-8313","details":"Heap out-of-bounds read in ParseJSS in VideoLAN VLC before 2.2.5, caused by a missing check for string termination, allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.","modified":"2026-03-15T22:24:44.685125Z","published":"2017-05-23T21:29:00.307Z","references":[{"type":"WEB","url":"http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c"},{"type":"WEB","url":"http://www.securityfocus.com/bid/98633"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3899"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201707-10"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.2.4"}]},{"events":[{"introduced":"0"},{"fixed":"2.2.5"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8313.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}