CVE-2017-8314
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-8314
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8314.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-8314
- Related
- Published
- 2017-05-23T21:29:00Z
- Modified
- 2025-04-20T03:52:08.246664Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.
- References
Affected packages
Debian:11 / kodi
Package
- Name
- kodi
- Purl
- pkg:deb/debian/kodi?arch=source
Debian:12 / kodi
Package
- Name
- kodi
- Purl
- pkg:deb/debian/kodi?arch=source
Debian:13 / kodi
Package
- Name
- kodi
- Purl
- pkg:deb/debian/kodi?arch=source
Git / github.com/xbmc/xbmc
Affected ranges
- Type
- GIT
- Repo
- https://github.com/xbmc/xbmc
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
14.*
14.0a2-Helix
14.0a3-Helix
14.0a4-Helix
14.0b1-Helix
14.0b2-Helix
14.0b3-Helix
14.0b4-Helix
14.0b5-Helix
14.0rc1-Helix
14.0rc2-Helix
14.0rc3-Helix
15.*
15.0a1-Isengard
15.0a2-Isengard
15.0b1-Isengard
15.0b2-Isengard
15.0rc1-Isengard
16.*
16.0a1-Jarvis
16.0a2-Jarvis
16.0a3-Jarvis
16.0a4-Jarvis
16.0b1-Jarvis
16.0b2-Jarvis
17.*
17.0-Krypton
17.0a1-Krypton
17.0a2-Krypton
17.0a3-Krypton
17.0b1-Krypton
17.0b2-Krypton
17.0b3-Krypton
17.0b4-Krypton
17.0b5-Krypton
17.0b6-Krypton
17.0b7-Krypton
17.0rc1-Krypton
17.0rc2-Krypton
17.0rc3-Krypton
17.0rc4-Krypton
17.1-Krypton
17.1rc1-Krypton
Other
Frodo_alpha1
Frodo_alpha2
Frodo_alpha3
Frodo_alpha4
Frodo_alpha5
Frodo_alpha6
Frodo_alpha7
Frodo_beta1
Frodo_beta2
Frodo_beta3
Frodo_rc1
Frodo_rc2
Frodo_rc3
Gotham_alpha1
Gotham_alpha10
Gotham_alpha11
Gotham_alpha2
Gotham_alpha3
Gotham_alpha4
Gotham_alpha5
Gotham_alpha6
Gotham_alpha7
Gotham_alpha8
Gotham_alpha9
legacy_drop_vs