PT-2017-2429 · Videolan+3 · Vlc Media Player+3

Bingchang Liu

Published

2017-06-02

Updated

2024-06-15

CVE-2017-10699

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions avcodec versions 2.2.x VideoLAN VLC media player versions 2.2.7-x before 2017-06-29

Description The issue is caused by an out-of-bounds heap memory write due to calling memcpy() with a wrong size. This can lead to a denial of service (application crash) or possibly code execution. The vulnerability can be exploited by a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For avcodec version 2.2.x, update to a version released after 2017-06-29 to resolve the issue. For VideoLAN VLC media player version 2.2.7-x, update to a version released after 2017-06-29 to resolve the issue. As a temporary workaround, consider restricting the use of the avcodec module until a patch is available.

Exploit

Fix

DoS

Out of bounds Read

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787

Related Identifiers

ALT-PU-2017-1685

BDU:2017-01634

CVE-2017-10699

DSA-4045-1

MGASA-2017-0424

MGASA-2017-0433

OPENSUSE-SU-2024:11502-1

USN-4805-1

Affected Products

Alt Linux

Ubuntu

Vlc Media Player

Avcodec

PT-2017-2429 · Videolan+3 · Vlc Media Player+3

CVE-2017-10699

Weakness Enumeration

Related Identifiers

Affected Products

References · 63