CVE-2017-10699 log

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
It was discovered that avcodec 2.2.x, as used in VideoLAN VLC media player before 2.2.7, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
Group Package Affected Fixed Severity Status Ticket
AVG-533 vlc 2.2.6-5 2.2.7-1 Critical Fixed
Date Advisory Group Package Severity Description
07 Dec 2017 ASA-201712-4 AVG-533 vlc Critical arbitrary code execution
References
https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b
https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49
https://trac.videolan.org/vlc/ticket/18467