|
Description: | | Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file. |
|
Impact: | | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks include arbitrary code execution and denial of service. |
|
Affected OS: | | Windows |
|
Reference: | | SecurityFocusBID:98634 ExploitDB:44514 http://git.videolan.org/?p=vlc.git a=commitdiff
|
|