CVE-2017-9300

Published: 29 May 2017

plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: vlc (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Needs triage
Ubuntu 16.04 ESM (Xenial Xerus)    Released (2.2.2-5ubuntu0.16.04.4)
Ubuntu 14.04 ESM (Trusty Tahr)     Does not exist (trusty was released [2.1.6-0ubuntu14.04.4])

Patches:
Upstream: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=55a82442cfea9dab8b853f3a4610f2880c5fadf3