Launchpad CVE tracker

CVE 2017-10699

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.

Related bugs and status

CVE-2017-10699 (Candidate) is related to these bugs:

Bug #1693893: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

		In	Importance	Status
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu)	Undecided	Fix Released
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu Zesty)	Undecided	Fix Released
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu Xenial)	Undecided	Fix Released
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu Artful)	Undecided	Fix Released
1693893	Fix out-of-bounds read, potential heap buffer overflow, and other CVEs	vlc (Ubuntu Trusty)	Undecided	Fix Released

Bug #1703754: Force sync vlc 2.2.6-3 from Debian Sid

Summary				In	Importance	Status
	1703754	Force sync vlc 2.2.6-3 from Debian Sid		vlc (Ubuntu)	Undecided	Fix Released

Bug #1715777: [CVE] Crash due to Out-of-Bound Heap Memory Write

Summary				In	Importance	Status
	1715777	[CVE] Crash due to Out-of-Bound Heap Memory Write		vlc (Ubuntu)	Medium	Fix Released
	1715777	[CVE] Crash due to Out-of-Bound Heap Memory Write		vlc (Ubuntu Trusty)	Medium	Confirmed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-10699

References