First published: Fri Jun 30 2017(Updated: )
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/vlc | 3.0.17.4-0+deb10u1 3.0.17.4-0+deb10u2 3.0.18-0+deb11u1 3.0.18-2 3.0.19-1 | |
Videolan Vlc Media Player | =2.2.0 | |
Videolan Vlc Media Player | =2.2.1 | |
Videolan Vlc Media Player | =2.2.2 | |
Videolan Vlc Media Player | =2.2.3 | |
Videolan Vlc Media Player | =2.2.4 | |
Videolan Vlc Media Player | =2.2.5 | |
Videolan Vlc Media Player | =2.2.5.1 | |
Videolan Vlc Media Player | =2.2.6 | |
Videolan Vlc Media Player | =2.2.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-10699 is assessed as critical, with a score of 9.8.
To fix CVE-2017-10699, update VLC media player to version 3.0.17.4 or later.
CVE-2017-10699 exploits an out-of-bounds heap memory write due to incorrect parameters in memcpy().
Affected versions include VLC media player 2.2.0 through 2.2.7.
The potential impact of CVE-2017-10699 includes denial of service or possible remote code execution.