CVE-2017-10699
Published: 30 June 2017
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
From the Ubuntu Security Team
It was discovered that VLC mishandled certain crafted media files. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code.
Notes
Author | Note |
---|---|
ratliff | notes from the upstream: "The avcodec library does not gives bogus video sizes on 3.0, so the issue only exists on the 2.2.x branch. Fixes have been pushed on the 2.2.x branch and guards added as well on both versions." |
Priority
Status
Package | Release | Status |
---|---|---|
vlc Launchpad, Ubuntu, Debian |
disco |
Not vulnerable
(2.2.6-2ubuntu1)
|
trusty |
Released
(2.1.6-0ubuntu14.04.5+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Needs triage
|
|
xenial |
Released
(2.2.2-5ubuntu0.16.04.3)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Released
(2.2.4-14ubuntu2.1)
|
|
artful |
Not vulnerable
(2.2.6-2ubuntu1)
|
|
bionic |
Not vulnerable
(2.2.6-2ubuntu1)
|
|
cosmic |
Not vulnerable
(2.2.6-2ubuntu1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |