[CVE] Crash due to Out-of-Bound Heap Memory Write

Bug #1715777 reported by Simon Quigley on 2017-09-08
Affects | Status | Importance | Assigned to | Milestone
vlc (Ubuntu) | | Medium | Unassigned |
Trusty | | Medium | Unassigned |

Bug Description

In Trusty, CVE-2017-10699 was not fixed, and it was overlooked when bug 1693893 was fixed. It turns out that it is, in fact, applicable, so this bug is tracking to get that fixed. Description:

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.

Simon Quigley (tsimonq2) on 2017-09-08
Changed in vlc (Ubuntu Artful):
status: New → Fix Released
Changed in vlc (Ubuntu Trusty):
importance: Undecided → Medium
Changed in vlc (Ubuntu Artful):
importance: Undecided → Medium
Changed in vlc (Ubuntu Trusty):
assignee: nobody → Simon Quigley (tsimonq2)
status: New → In Progress
tags: added: trusty
tags: added: backport
Simon Quigley (tsimonq2) on 2017-09-18
Changed in vlc (Ubuntu Trusty):
assignee: Simon Quigley (tsimonq2) → Alan Diggs (schyken)
milestone: none → trusty-updates
Simon Quigley (tsimonq2) on 2017-09-23
Changed in vlc (Ubuntu Trusty):
assignee: Alan Diggs (schyken) → Simon Quigley (tsimonq2)
Simon Quigley (tsimonq2) on 2017-11-27
no longer affects: vlc (Ubuntu Artful)
Simon Quigley (tsimonq2) on 2018-03-18
Changed in vlc (Ubuntu Trusty):
status: In Progress → Confirmed
assignee: Simon Quigley (tsimonq2) → nobody
This report contains Public Security information.