vlc

Description: Multi-platform MPEG, VCD/DVD, and DivX player
Version: 2.2.8-4 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-533 | 2.2.6-5 | 2.2.7-1 | Critical | Fixed | |
| AVG-283 | 2.2.4-9 | 2.2.6-1 | High | Fixed | FS#54194 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-9300 | AVG-533 | High | Yes | Arbitrary code execution | It was discovered that plugins\codec\libflac_plugin.so in VideoLAN VLC media player before 2.2.7 allows remote attackers to cause a heap corruption and... |
| CVE-2017-8312 | AVG-283 | Medium | No | Denial of service | Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted... |
| CVE-2017-8311 | AVG-283 | High | No | Arbitrary code execution | Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute... |
| CVE-2017-8310 | AVG-283 | Medium | No | Denial of service | Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated... |
| CVE-2017-10699 | AVG-533 | Critical | Yes | Arbitrary code execution | It was discovered that avcodec 2.2.x, as used in VideoLAN VLC media player before 2.2.7, allows out-of-bounds heap memory write due to calling memcpy() with... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 07 Dec 2017 | ASA-201712-4 | AVG-533 | Critical | arbitrary code execution |
| 01 Jun 2017 | ASA-201706-1 | AVG-283 | High | multiple issues |