ArchLinux: 201712-4: vlc: arbitrary code execution

    Date: 07 Dec 2017
    Posted By: LinuxSecurity Advisories
    The package vlc before version 2.2.7-1 is vulnerable to arbitrary code execution.
    Arch Linux Security Advisory ASA-201712-4
    Severity: Critical
    Date    : 2017-12-07
    CVE-ID  : CVE-2017-10699 CVE-2017-9300
    Package : vlc
    Type    : arbitrary code execution
    Remote  : Yes
    Link    :
    The package vlc before version 2.2.7-1 is vulnerable to arbitrary code
    execution.
    Upgrade to 2.2.7-1.
    # pacman -Syu "vlc>=2.2.7-1"
    The problems have been fixed upstream in version 2.2.7.
    - CVE-2017-10699 (arbitrary code execution)
    It was discovered that avcodec 2.2.x, as used in VideoLAN VLC media
    player before 2.2.7, allows out-of-bounds heap memory write due to
    calling memcpy() with a wrong size, leading to a denial of service
    (application crash) or possibly code execution.
    - CVE-2017-9300 (arbitrary code execution)
    It was discovered that plugins\codec\ in VideoLAN VLC
    media player before 2.2.7 allows remote attackers to cause a heap
    corruption and application crash leading to denial of service or
    possibly execution of arbitrary code via a crafted FLAC file.
    A remote attacker is able to execute arbitrary code on the host by
    providing a maliciously-crafted media file to VLC.
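
A check for the upgrade step above, as an added example that is not part of the advisory: it flags hosts whose installed vlc is older than 2.2.7-1, given collected `pacman -Q` output. The host names, the sample package lists and the simplified version ordering are assumptions; on an Arch host, pacman's `vercmp` is the authoritative comparator.

```python
import re

FIXED = "2.2.7-1"  # first fixed vlc package version, per the advisory

_END = (1, -1, "")  # end marker: above alphabetic runs, below any number


def _key(part):
    """Order numeric runs as integers, ranked above alphabetic runs."""
    runs = re.findall(r"\d+|[A-Za-z]+", part)
    return tuple((1, int(r), "") if r.isdigit() else (0, 0, r)
                 for r in runs) + (_END,)


def parse(version):
    """Turn 'epoch:pkgver-pkgrel' into a tuple that sorts by version.

    Simplified ordering (an assumption of this example), not alpm's code.
    Expects a pkgrel, which `pacman -Q` always prints.
    """
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    pkgver, _, pkgrel = rest.rpartition("-")
    return int(epoch), _key(pkgver), _key(pkgrel)


def vulnerable_hosts(inventory, package="vlc", fixed=FIXED):
    """Return hosts whose installed `package` is older than `fixed`."""
    hits = []
    for host, listing in inventory.items():
        for line in listing.splitlines():
            name, _, version = line.strip().partition(" ")
            if name == package and parse(version) < parse(fixed):
                hits.append(host)
    return sorted(hits)


# Constructed sample: host name -> captured `pacman -Q` output
SAMPLE = {
    "ws-01": "ffmpeg 1:3.4-3\nvlc 2.2.6-2\n",
    "ws-02": "vlc 2.2.7-1\n",
    "ws-03": "vlc 3.0.0-1\nzlib 1:1.2.11-2\n",
    "ws-04": "mpv 1:0.27.0-4\n",  # vlc not installed
}

if __name__ == "__main__":
    for host in vulnerable_hosts(SAMPLE):
        print(f"{host}: vlc older than {FIXED}, upgrade required")
```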