CVE-2017-8314

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-8314
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8314.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-8314
Downstream
Published
2017-05-23T21:29:00.337Z
Modified
2026-03-10T14:29:30.823264Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.

References

Affected packages

Git / github.com/xbmc/xbmc

Affected ranges

Type
GIT
Repo
https://github.com/xbmc/xbmc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fc1619b118f6d503f920a49cf4ac4afcd0dd6b41
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "17.1"
        }
    ]
}

Affected versions

14.*
14.0a2-Helix
14.0a3-Helix
14.0a4-Helix
14.0b1-Helix
14.0b2-Helix
14.0b3-Helix
14.0b4-Helix
14.0b5-Helix
14.0rc1-Helix
14.0rc2-Helix
14.0rc3-Helix
15.*
15.0a1-Isengard
15.0a2-Isengard
15.0b1-Isengard
15.0b2-Isengard
15.0rc1-Isengard
16.*
16.0a1-Jarvis
16.0a2-Jarvis
16.0a3-Jarvis
16.0a4-Jarvis
16.0b1-Jarvis
16.0b2-Jarvis
17.*
17.0-Krypton
17.0a1-Krypton
17.0a2-Krypton
17.0a3-Krypton
17.0b1-Krypton
17.0b2-Krypton
17.0b3-Krypton
17.0b4-Krypton
17.0b5-Krypton
17.0b6-Krypton
17.0b7-Krypton
17.0rc1-Krypton
17.0rc2-Krypton
17.0rc3-Krypton
17.0rc4-Krypton
17.1-Krypton
17.1rc1-Krypton
Other
Frodo_alpha1
Frodo_alpha2
Frodo_alpha3
Frodo_alpha4
Frodo_alpha5
Frodo_alpha6
Frodo_alpha7
Frodo_beta1
Frodo_beta2
Frodo_beta3
Frodo_rc1
Frodo_rc2
Frodo_rc3
Gotham_alpha1
Gotham_alpha10
Gotham_alpha11
Gotham_alpha2
Gotham_alpha3
Gotham_alpha4
Gotham_alpha5
Gotham_alpha6
Gotham_alpha7
Gotham_alpha8
Gotham_alpha9
legacy_drop_vs

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8314.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    }
]