CVE-2017-10699
published 2017-06-30
CVE-2017-10699: avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong…
Priority P342·critical·9.8·CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.48% (90.3th percentile)
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 2.2.6-3 (bookworm) | vlc 2.2.6-3 (bookworm) |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | >= 0 < 2.2.6-3 | 2.2.6-3 |
| videolan | vlc_media_player | >= 0 < 2.2.6-3 | 2.2.6-3 |
| videolan | vlc_media_player | >= 0 < 2.2.6-3 | 2.2.6-3 |
| videolan | vlc_media_player | >= 0 < 2.2.6-3 | 2.2.6-3 |
| videolan | vlc_media_player | >= 0 < 2.1.6-0ubuntu14.04.5+esm1 | 2.1.6-0ubuntu14.04.5+esm1 |
| videolan | vlc_media_player | >= 0 < 2.2.2-5ubuntu0.16.04.5+esm1 | 2.2.2-5ubuntu0.16.04.5+esm1 |
CVSS provenance
nvd·v3.0·9.8·CRITICAL·CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd·v2.0·7.5·HIGH·AV:N/AC:L/Au:N/C:P/I:P/A:P
osv·9.8·CRITICAL
vendor_debian·9.8·CRITICAL
vendor_ubuntu·9.8·CRITICAL
Ubuntu
VLC vulnerabilities
vendor_ubuntu·2021-03-15·CVSS 9.8
CVE-2017-10699 [CRITICAL] VLC vulnerabilities
Title: VLC vulnerabilities
Summary: VLC could be made to crash or run programs if it opened a specially
crafted file.
It was discovered that VLC mishandled certain crafted media files. An
attacker could use this vulnerability to cause a denial of service (crash)
or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM.
(CVE-2017-10699)
It was discovered that VLC mishandled certain crafted MKV files. An
attacker could use this vulnerability to cause a denial of service (crash)
or possibly execute arbitrary code. (CVE-2018-11529)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2017-10699: vlc - avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, a...
vendor_debian·2017·CVSS 9.8
CVE-2017-10699 [CRITICAL] CVE-2017-10699: vlc - avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, a...
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
Scope: local
bookworm: resolved (fixed in 2.2.6-3)
bullseye: resolved (fixed in 2.2.6-3)
forky: resolved (fixed in 2.2.6-3)
sid: resolved (fixed in 2.2.6-3)
trixie: resolved (fixed in 2.2.6-3)
GHSA
GHSA-6367-fpmm-r9xr: avcodec 2
ghsa_unreviewed·2022-05-17
CVE-2017-10699 [CRITICAL] CWE-787 GHSA-6367-fpmm-r9xr: avcodec 2
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
OSV
vlc vulnerabilities
osv·2021-03-15·CVSS 9.8
CVE-2017-10699 [CRITICAL] vlc vulnerabilities
vlc vulnerabilities
It was discovered that VLC mishandled certain crafted media files. An
attacker could use this vulnerability to cause a denial of service (crash)
or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM.
(CVE-2017-10699)
It was discovered that VLC mishandled certain crafted MKV files. An
attacker could use this vulnerability to cause a denial of service (crash)
or possibly execute arbitrary code. (CVE-2018-11529)
OSV
CVE-2017-10699: avcodec 2
osv·2017-06-30·CVSS 9.8
CVE-2017-10699 [CRITICAL] CVE-2017-10699: avcodec 2
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2017-06-30