CVE-2017-9300 — Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-78 — OS Command Injection CWE-264 CWE-20 — Improper Input Validation14 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 36.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player

Timeline

PublishedMay 29

Latest updateMay 17

Description

plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 2.2.6-3+3

▶NVDvideolan/vlc_media_player2.2.4

🔴Vulnerability Details

GHSA

GHSA-8hr4-qhgg-4984: plugins\codec\libflac_plugin↗2022-05-17

▶

CVEList

CVE-2017-9300: plugins\codec\libflac_plugin↗2017-05-29

▶

OSV

CVE-2017-9300: plugins\codec\libflac_plugin↗2017-05-29

▶

📋Vendor Advisories

Cisco

Cisco Firepower 4100 and 9300 Security Appliance Local Management Filtering Bypass Vulnerability↗2017-11-15

▶

Cisco

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Command Injection Vulnerability↗2017-11-01

▶

Cisco

Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability↗2017-11-01

▶

Cisco

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability↗2017-04-05

▶

Cisco

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability↗2017-04-05

▶