Heap-out-of-bounds write in VLC Media Player - CVE-2017-10699
Published: July 4, 2017 / Updated: July 7, 2017
Vulnerability identifier: #VU7371
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-10699
CWE-ID: CWE-787
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: VideoLAN
Affected software:
VLC Media Player
VLC Media Player
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code.
The vulnerability exists in VLC Media Player due to calling memcpy() with a wrong size. A remote attacker can create a specially crafted media file, trick the victim into loading it, trigger out-of-bounds heap memory write in the avcodec component and cause the application to crash or execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-10699
The vendor has issued a source code fix, available at:
http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b
http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b