CVE-2017-9301

Name of the Vulnerable Software and Affected Versions VLC media player version 2.2.4

Description The issue allows remote attackers to cause a denial of service, resulting in an invalid read and application crash, or possibly have other unspecified impacts via a crafted file. This is due to a problem in the pluginsaudio filterlibmpgatofixed32 plugin.dll component of the VLC media player.

Recommendations For version 2.2.4, consider updating to a newer version to mitigate the risk, although the specific fixed version is not provided. As a temporary workaround, consider disabling the use of the libmpgatofixed32 plugin.dll plugin until a patch is available.