AVG-283

Package vlc
Status Fixed
Severity High
Type multiple issues
Affected 2.2.4-9
Fixed 2.2.6-1
Current 3.0.3-1 [extra]
Ticket FS#54194
Created Tue May 30 21:26:17 2017
Issue Severity Remote Type Description
CVE-2017-8312 Medium No Denial of service
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted...
CVE-2017-8311 High No Arbitrary code execution
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute...
CVE-2017-8310 Medium No Denial of service
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated...
Date Advisory Package Description
01 Jun 2017 ASA-201706-1 vlc multiple issues