CVE-2017-10699Out-of-bounds Write in VLC Media Player

CWE-787Out-of-bounds Write7 documents6 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 28.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Videolan VLC Media Player
Timeline
PublishedJun 30
Latest updateMay 17

Description

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Debianvideolan/vlc_media_player< 2.2.6-3+3
Ubuntuvideolan/vlc_media_player< 2.1.6-0ubuntu14.04.5+esm1+1
NVDvideolan/vlc_media_player9 versions+8

🔴Vulnerability Details

4
GHSA
GHSA-6367-fpmm-r9xr: avcodec 22022-05-17
OSV
vlc vulnerabilities2021-03-15
OSV
CVE-2017-10699: avcodec 22017-06-30
CVEList
CVE-2017-10699: avcodec 22017-06-30

📋Vendor Advisories

2
Ubuntu
VLC vulnerabilities2021-03-15
Debian
CVE-2017-10699: vlc - avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, a...2017
CVE-2017-10699 — Out-of-bounds Write | cvebase