{"id":"CVE-2017-8314","details":"Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.","modified":"2026-04-10T04:02:16.604358Z","published":"2017-05-23T21:29:00.337Z","references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00019.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201706-17"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98668"},{"type":"FIX","url":"https://github.com/xbmc/xbmc/pull/12024"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/xbmc/xbmc","events":[{"introduced":"0"},{"last_affected":"fc1619b118f6d503f920a49cf4ac4afcd0dd6b41"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"17.1"}]}}],"versions":["14.0a2-Helix","14.0a3-Helix","14.0a4-Helix","14.0b1-Helix","14.0b2-Helix","14.0b3-Helix","14.0b4-Helix","14.0b5-Helix","14.0rc1-Helix","14.0rc2-Helix","14.0rc3-Helix","15.0a1-Isengard","15.0a2-Isengard","15.0b1-Isengard","15.0b2-Isengard","15.0rc1-Isengard","16.0a1-Jarvis","16.0a2-Jarvis","16.0a3-Jarvis","16.0a4-Jarvis","16.0b1-Jarvis","16.0b2-Jarvis","17.0-Krypton","17.0a1-Krypton","17.0a2-Krypton","17.0a3-Krypton","17.0b1-Krypton","17.0b2-Krypton","17.0b3-Krypton","17.0b4-Krypton","17.0b5-Krypton","17.0b6-Krypton","17.0b7-Krypton","17.0rc1-Krypton","17.0rc2-Krypton","17.0rc3-Krypton","17.0rc4-Krypton","17.1-Krypton","17.1rc1-Krypton","Frodo_alpha1","Frodo_alpha2","Frodo_alpha3","Frodo_alpha4","Frodo_alpha5","Frodo_alpha6","Frodo_alpha7","Frodo_beta1","Frodo_beta2","Frodo_beta3","Frodo_rc1","Frodo_rc2","Frodo_rc3","Gotham_alpha1","Gotham_alpha10","Gotham_alpha11","Gotham_alpha2","Gotham_alpha3","Gotham_alpha4","Gotham_alpha5","Gotham_alpha6","Gotham_alpha7","Gotham_alpha8","Gotham_alpha9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8314.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}