[CVE] Crash due to Out-of-Bound Heap Memory Write

Bug #1715777 reported by Simon Quigley
Affects | Status | Importance | Assigned to | Milestone
vlc (Ubuntu) | Fix Released | Medium | Unassigned |
Trusty | Confirmed | Medium | Unassigned |

Bug Description

In Trusty, CVE-2017-10699 was not fixed, and it was overlooked when bug 1693893 was fixed. It turns out that it is, in fact, applicable, so this bug is tracking to get that fixed. Description:

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.

Simon Quigley (tsimonq2)
Changed in vlc (Ubuntu Artful):
status: New → Fix Released
Changed in vlc (Ubuntu Trusty):
importance: Undecided → Medium
Changed in vlc (Ubuntu Artful):
importance: Undecided → Medium
Changed in vlc (Ubuntu Trusty):
assignee: nobody → Simon Quigley (tsimonq2)
status: New → In Progress
tags: added: trusty
tags: added: backport
Simon Quigley (tsimonq2)
Changed in vlc (Ubuntu Trusty):
assignee: Simon Quigley (tsimonq2) → Alan Diggs (schyken)
milestone: none → trusty-updates
Simon Quigley (tsimonq2)
Changed in vlc (Ubuntu Trusty):
assignee: Alan Diggs (schyken) → Simon Quigley (tsimonq2)
Simon Quigley (tsimonq2)
no longer affects: vlc (Ubuntu Artful)
Simon Quigley (tsimonq2)
Changed in vlc (Ubuntu Trusty):
status: In Progress → Confirmed
assignee: Simon Quigley (tsimonq2) → nobody
This report contains Public Security information  
Everyone can see this security related information.
