Advisories » MGASA-2017-0424

Updated vlc packages fix security vulnerability

Publication date: 26 Nov 2017
Modification date: 26 Nov 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-10699

Description

avcodec 2.2.x, as used in VideoLAN VLC media player before 2.2.7, allows
out-of-bounds heap memory write due to calling memcpy() with a wrong
size, leading to a denial of service (application crash) or possibly
code execution (CVE-2017-10699).

The VLC packages have been updated to version 2.2.8, which includes
various security improvements in decoders and demuxers, as well as other
bug fixes.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21801
• https://git.videolan.org/?p=vlc/vlc-2.2.git;a=blob;f=NEWS;h=d9b31b4e5362c7d764f3e6b23b78aaeb0b8bf868;hb=3cc1d8cba982fc988c2a421e42408bb05d1ba37f
• https://www.debian.org/security/2017/dsa-4045
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10699

SRPMS

5/core

• vlc-2.2.8-1.0.mga5