Jiaqi Peng

#17545 of 53,633
15.3 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1

PT-2017-2429 · CVSS 9.8 · 2017-06-02 · VideoLAN · VLC Media Player · CVE-2017-10699

**Name of the Vulnerable Software and Affected Versions**

avcodec versions 2.2.x
VideoLAN VLC media player versions 2.2.7-x before 2017-06-29

**Description**

The issue is caused by an out-of-bounds heap memory write due to calling `memcpy()` with a wrong size. This can lead to a denial of service (application crash) or possibly code execution. The vulnerability can be exploited by a remote attacker to execute arbitrary code or cause a denial of service.

**Recommendations**

For avcodec version 2.2.x, update to a version released after 2017-06-29 to resolve the issue.
For VideoLAN VLC media player version 2.2.7-x, update to a version released after 2017-06-29 to resolve the issue.
As a temporary workaround, consider restricting the use of the `avcodec` module until a patch is available.

PT-2017-17781 · CVSS 5.5 · 2017-05-30 · Poppler · Poppler · CVE-2017-7511

**Name of the Vulnerable Software and Affected Versions**

poppler versions 0.17.3 and later

**Description**

The issue is related to a NULL pointer dereference in the `pdfunite` component of poppler, triggered by specially crafted documents.

**Recommendations**

For poppler versions 0.17.3 and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability.