Test ID:	1.3.6.1.4.1.25623.1.0.811053
Category:	Buffer overflow
Title:	VLC Media Player Subtitle Remote Code Execution Vulnerability - Mac OS X
Summary:	VLC media player is prone to a heap overflow vulnerability.
Description:	Summary: VLC media player is prone to a heap overflow vulnerability. Vulnerability Insight: The flaw exists due to the poor state of security in the way media player process subtitle files and the large number of subtitle formats. There are over 25 subtitle formats in use, each with unique features and capabilities. Media player often need to parse together multiple subtitle formats to ensure coverage and provide a better user experience. Like other, similar situations which involve fragmented software, this results in numerous distinct vulnerabilities. Vulnerability Impact: Successful exploitation will allow remote attackers to take complete control over any device running them. Affected Software/OS: VideoLAN VLC media player before 2.2.5.1 on Mac OS X. Solution: Upgrade to VideoLAN VLC media player version 2.2.5.1 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-8313 BugTraq ID: 98633 http://www.securityfocus.com/bid/98633 Debian Security Information: DSA-3899 (Google Search) http://www.debian.org/security/2017/dsa-3899 https://security.gentoo.org/glsa/201707-10 Common Vulnerability Exposure (CVE) ID: CVE-2017-8312 BugTraq ID: 98631 http://www.securityfocus.com/bid/98631 Common Vulnerability Exposure (CVE) ID: CVE-2017-8311 BugTraq ID: 98634 http://www.securityfocus.com/bid/98634 https://www.exploit-db.com/exploits/44514/ Common Vulnerability Exposure (CVE) ID: CVE-2017-8310 BugTraq ID: 98638 http://www.securityfocus.com/bid/98638
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.