[CVE] Crash due to Out-of-Bound Heap Memory Write
Bug #1715777 reported by
Simon Quigley
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vlc (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Trusty |
Confirmed
|
Medium
|
Unassigned |
Bug Description
In Trusty, CVE-2017-10699 was not fixed, and it was overlooked when bug 1693893 was fixed. It turns out that it is, in fact, applicable, so this bug is tracking to get that fixed. Description:
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
CVE References
Changed in vlc (Ubuntu Artful): | |
status: | New → Fix Released |
Changed in vlc (Ubuntu Trusty): | |
importance: | Undecided → Medium |
Changed in vlc (Ubuntu Artful): | |
importance: | Undecided → Medium |
Changed in vlc (Ubuntu Trusty): | |
assignee: | nobody → Simon Quigley (tsimonq2) |
status: | New → In Progress |
tags: | added: trusty |
tags: | added: backport |
Changed in vlc (Ubuntu Trusty): | |
assignee: | Simon Quigley (tsimonq2) → Alan Diggs (schyken) |
milestone: | none → trusty-updates |
Changed in vlc (Ubuntu Trusty): | |
assignee: | Alan Diggs (schyken) → Simon Quigley (tsimonq2) |
no longer affects: | vlc (Ubuntu Artful) |
Changed in vlc (Ubuntu Trusty): | |
status: | In Progress → Confirmed |
assignee: | Simon Quigley (tsimonq2) → nobody |
To post a comment you must log in.