Sign in Subscribe

← All advisories

Medium severity5.5NVD Advisory· Published May 23, 2017· Updated May 13, 2026

CVE-2017-8314

CVE-2017-8314

Description

Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.

Affected products

3

Kodi/Kodi
cpe:2.3:a:kodi:kodi:*:*:*:*:*:*:*:*
Range: <=17.1
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
XBMC Foundation/Kodi (XBMC)v5
Range: <= v17.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

github.com/xbmc/xbmc/pull/12024nvdPatchVendor Advisory
www.securityfocus.com/bid/98668nvdThird Party AdvisoryVDB Entry
lists.debian.org/debian-lts-announce/2018/01/msg00019.htmlnvdMailing ListThird Party Advisory
security.gentoo.org/glsa/201706-17nvdThird Party Advisory

News mentions

0

No linked articles in our index yet.