• Status Closed
  • Percent Complete
  • Task Type Security Issue
  • Category Any
  • Assigned To
  • Operating System All
  • Severity Critical
  • Priority Very High
  • Reported Version Any
  • Due in Version Starfix
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Packages
Opened by Emulatorman - 28/09/2018
Last edited by Emulatorman - 29/09/2018

FS#1206 - [vlc] CVE-2017-17670


  • In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.

Additional info:
* package version(s)

  • 2.2.6-1.hyperbola1

* config and/or log files etc.

  • None

Steps to reproduce:

  • Run VLC
Closed by  Emulatorman
29.09.2018 08:33
Reason for closing:  Fixed
Date User Effort (H:M)
watch my effort tracking timers


Available keyboard shortcuts


Task Details

Task Editing