vlc: type conversion vulnerability (CVE-2017-17670)
In VideoLAN VLC media player through 2.2.8, there is a type conversion
vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module
leading to a invalid free, because the type of a box may be changed
between a read operation and a free operation.
References:
http://www.openwall.com/lists/oss-security/2017/12/15/1
https://nvd.nist.gov/vuln/detail/CVE-2017-17670
(from redmine: issue id 8313, created on 2017-12-18, closed on 2018-09-20)
- Relations:
- child #8314 (closed)
- child #8315 (closed)