Advisories » MGASA-2017-0433

Updated vlc packages fix security vulnerability

Publication date: 29 Nov 2017
Modification date: 29 Nov 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-10699

Description

avcodec 2.2.x, as used in VideoLAN VLC media player before 2.2.7, allows
out-of-bounds heap memory write due to calling memcpy() with a wrong
size, leading to a denial of service (application crash) or possibly
code execution (CVE-2017-10699).

The VLC packages have been updated to version 2.2.8, which includes
various security improvements in decoders and demuxers, as well as other
bug fixes.
                

References

SRPMS

5/tainted