CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score
Confidence: High

EPSS
Percentile: 46.9%

Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
Vendor | Product | Version | CPE |
---|---|---|---|
videolan | vlc_media_player | 2.2.0 | cpe:2.3:a:videolan:vlc_media_player:2.2.0:*:*:*:*:*:*:* |
videolan | vlc_media_player | 2.2.1 | cpe:2.3:a:videolan:vlc_media_player:2.2.1:*:*:*:*:*:*:* |
videolan | vlc_media_player | 2.2.2 | cpe:2.3:a:videolan:vlc_media_player:2.2.2:*:*:*:*:*:*:* |
videolan | vlc_media_player | 2.2.3 | cpe:2.3:a:videolan:vlc_media_player:2.2.3:*:*:*:*:*:*:* |
videolan | vlc_media_player | 2.2.4 | cpe:2.3:a:videolan:vlc_media_player:2.2.4:*:*:*:*:*:*:* |
videolan | vlc_media_player | 2.2.5 | cpe:2.3:a:videolan:vlc_media_player:2.2.5:*:*:*:*:*:*:* |
[
  {
    "product": "VLC",
    "vendor": "VideoLAN",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.*"
      }
    ]
  }
]
git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29
www.debian.org/security/2017/dsa-3899
www.securityfocus.com/bid/98638
security.gentoo.org/glsa/201707-10