PT-2017-18279 · Xbmc Foundation+1 · Kodi+1

Rechi

Published

2017-05-23

Updated

2019-10-03

CVE-2017-8314

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Kodi versions 17.1 and earlier

Description The issue allows for arbitrary file write on disk via a Zip file used as subtitles, due to a Directory Traversal vulnerability in the Zip Extraction built-in function.

Recommendations For Kodi versions 17.1 and earlier, update to a version that contains a fix for this issue, as using the built-in Zip Extraction function with subtitles from untrusted sources can lead to arbitrary file writes on disk.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALT-PU-2017-1659

CVE-2017-8314

DLA-1243-1

Affected Products

Alt Linux

Kodi

PT-2017-18279 · Xbmc Foundation+1 · Kodi+1

CVE-2017-8314

Weakness Enumeration

Related Identifiers

Affected Products

References · 20