CVE-2017-8311 — Vulnetix

CVE-2017-8311 PUBLISHED CVSS 7.800000190734863 HIGH

Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.

EPSS 7.05% · 91.7th percentile

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

7.05%

91.7th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB Ability Camera Connect <=1.5.0.14

Exploit Intelligence

44514 (cve.org)
VLC Media Player/Kodi/PopcornTime Red Chimera < 2.2.5 - Memory Corruption Exploit (PoC) (0day-today)
VLC Media Player/Kodi/PopcornTime Red Chimera < 2.2.5 - Memory Corruption Exploit (PoC) (0day-today)

Timeline

May 23, 2017 CVE Published
Mar 4, 2018 PoC Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 28, 2022 EPSS Score
May 2, 2022 EPSS Score
Sep 5, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 11, 2023 EPSS Score

References

Open in Interactive Console →