*** This bug is a security vulnerability ***

Public security bug reported:

In Trusty, CVE-2017-10699 was not fixed, and it was overlooked when bug
1693893 was fixed. It turns out that it is, in fact, applicable, so this
bug is tracking to get that fixed. Description:

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before
2017-06-29, allows out-of-bounds heap memory write due to calling
memcpy() with a wrong size, leading to a denial of service (application
crash) or possibly code execution.

** Affects: vlc (Ubuntu)
     Importance: Medium
         Status: Fix Released

** Affects: vlc (Ubuntu Trusty)
     Importance: Medium
     Assignee: Simon Quigley (tsimonq2)
         Status: In Progress

** Affects: vlc (Ubuntu Artful)
     Importance: Medium
         Status: Fix Released


** Tags: backport trusty

** Also affects: vlc (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Also affects: vlc (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: vlc (Ubuntu Artful)
       Status: New => Fix Released

** Changed in: vlc (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: vlc (Ubuntu Artful)
   Importance: Undecided => Medium

** Changed in: vlc (Ubuntu Trusty)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: vlc (Ubuntu Trusty)
       Status: New => In Progress

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10699

** Tags added: trusty

** Tags added: backport

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1715777

Title:
  [CVE] Crash due to Out-of-Bound Heap Memory Write

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1715777/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
