CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-10699

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0150%
EPSS Percentile2.95th
Published2017年6月30日
Last Modified2026年5月13日

Vulnerability Description

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.

Affected Platforms (CPE)

📦
Videolan

Vlc Media Player

= 2.2.0
📦
Videolan

Vlc Media Player

= 2.2.1
📦
Videolan

Vlc Media Player

= 2.2.2
📦
Videolan

Vlc Media Player

= 2.2.3
📦
Videolan

Vlc Media Player

= 2.2.4
📦
Videolan

Vlc Media Player

= 2.2.5
📦
Videolan

Vlc Media Player

= 2.2.5.1
📦
Videolan

Vlc Media Player

= 2.2.6
📦
Videolan

Vlc Media Player

= 2.2.7

References & Advisories

🔗 http://www.securitytracker.com/id/1038816
🔗 https://trac.videolan.org/vlc/ticket/18467
🔗 https://www.debian.org/security/2017/dsa-4045
🔗 http://www.securitytracker.com/id/1038816
🔗 https://trac.videolan.org/vlc/ticket/18467
🔗 https://www.debian.org/security/2017/dsa-4045

相關漏洞威脅

CVE-2008-029610.0

Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow...

CVE-2019-139629.8

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read bec...

CVE-2019-128749.8

An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The...

CVE-2014-64409.8

VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.