Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
CVSS Details
- CVSS 3.0 Base Score: 7.8
- CVSS 3.0 Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Arch Linux | arch-linux-upgrade-latest | Jul 11, 2025 | May 23, 2017 | |
| Debian | debian-upgrade-vlc | Jun 29, 2017 | May 23, 2017 | |
| Gentoo Linux | gentoo-linux-upgrade-media-video-vlc | Oct 30, 2017 | May 23, 2017 | |
| Ubuntu | ubuntu-upgrade-vlc | Nov 19, 2024 | May 23, 2017 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub