*** This bug is a security vulnerability ***

Public security bug reported:

In Trusty, CVE-2017-10699 was not fixed, and it was overlooked when bug 1693893 was fixed. It turns out that it is, in fact, applicable, so this bug is tracking to get that fixed.

Description:
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.

** Affects: vlc (Ubuntu)
   Importance: Medium
   Status: Fix Released

** Affects: vlc (Ubuntu Trusty)
   Importance: Medium
   Assignee: Simon Quigley (tsimonq2)
   Status: In Progress

** Affects: vlc (Ubuntu Artful)
   Importance: Medium
   Status: Fix Released

** Tags: backport trusty

** Also affects: vlc (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: vlc (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: vlc (Ubuntu Artful)
   Status: New => Fix Released

** Changed in: vlc (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: vlc (Ubuntu Artful)
   Importance: Undecided => Medium

** Changed in: vlc (Ubuntu Trusty)
   Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: vlc (Ubuntu Trusty)
   Status: New => In Progress

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10699

** Tags added: trusty

** Tags added: backport

--
https://bugs.launchpad.net/bugs/1715777

Title:
  [CVE] Crash due to Out-of-Bound Heap Memory Write