Vulnerability Details CVE-2017-10699
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2017-10699
-
cpe:2.3:a:videolan:vlc_media_player:2.2.0
-
cpe:2.3:a:videolan:vlc_media_player:2.2.1
-
cpe:2.3:a:videolan:vlc_media_player:2.2.2
-
cpe:2.3:a:videolan:vlc_media_player:2.2.3
-
cpe:2.3:a:videolan:vlc_media_player:2.2.4
-
cpe:2.3:a:videolan:vlc_media_player:2.2.5
-
cpe:2.3:a:videolan:vlc_media_player:2.2.5.1
-
cpe:2.3:a:videolan:vlc_media_player:2.2.6
-
cpe:2.3:a:videolan:vlc_media_player:2.2.7