MGASA-2017-0424

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0424.html

Import Source

https://advisories.mageia.org/MGASA-2017-0424.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2017-0424

Related

CVE-2017-10699

Published

2017-11-26T21:18:31Z

Modified

2017-11-26T20:57:22Z

Summary

Updated vlc packages fix security vulnerability

Details

avcodec 2.2.x, as used in VideoLAN VLC media player before 2.2.7, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution (CVE-2017-10699).

The VLC packages have been updated to version 2.2.8, which includes various security improvements in decoders and demuxers, as well as other bug fixes.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / vlc

Package

Name: vlc
Purl: pkg:rpm/mageia/vlc?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.8-1.0.mga5

Ecosystem specific

{
    "section": "core"
}