[arch-security] [ASA-201712-4] vlc: arbitrary code execution

Santiago Torres-Arias santiago at archlinux.org
Thu Dec 7 20:45:13 UTC 2017


Arch Linux Security Advisory ASA-201712-4
=========================================

Severity: Critical
Date    : 2017-12-07
CVE-ID  : CVE-2017-10699 CVE-2017-9300
Package : vlc
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-533

Summary
=======

The package vlc before version 2.2.7-1 is vulnerable to arbitrary code
execution.

Resolution
==========

Upgrade to 2.2.7-1.

# pacman -Syu "vlc>=2.2.7-1"

The problems have been fixed upstream in version 2.2.7.

Workaround
==========

None.

Description
===========

- CVE-2017-10699 (arbitrary code execution)

It was discovered that avcodec 2.2.x, as used in VideoLAN VLC media
player before 2.2.7, allows out-of-bounds heap memory write due to
calling memcpy() with a wrong size, leading to a denial of service
(application crash) or possibly code execution.

- CVE-2017-9300 (arbitrary code execution)

It was discovered that plugins\codec\libflac_plugin.so in VideoLAN VLC
media player before 2.2.7 allows remote attackers to cause a heap
corruption and application crash leading to denial of service or
possibly execution of arbitrary code via a crafted FLAC file.

Impact
======

A remote attacker is able to execute arbitrary code on the host by
providing a maliciously-crafted media file to VLC.

References
==========

https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b
https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49
https://trac.videolan.org/vlc/ticket/18467
https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=55a82442cfea9dab8b853f3a4610f2880c5fadf3
https://security.archlinux.org/CVE-2017-10699
https://security.archlinux.org/CVE-2017-9300
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20171207/a29fd7cc/attachment.asc>


More information about the arch-security mailing list