vlc: type conversion vulnerability (CVE-2017-17670)
In VideoLAN VLC media player through 2.2.8, there is a type conversion
vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module
leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.
(from redmine: issue id 8313, created on 2017-12-18, closed on 2018-09-20)