#VU7371 Heap-out-of-bounds write in VLC Media Player - CVE-2017-10699

Cybersecurity Help s.r.o.

Published: 2017-07-04 | Updated: 2017-07-07

Vulnerability identifier: #VU7371

Vulnerability risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-10699

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
VLC Media Player
Client/Desktop applications / Multimedia software

Vendor: VideoLAN

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code.

The vulnerability exists in VLC Media Player due to calling memcpy() with a wrong size. A remote attacker can create a specially crafted media file, trick the victim into loading it, trigger out-of-bounds heap memory write in the avcodec component and cause the application to crash or execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation
The vendor has issued a source code fix, available at:
http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b

Vulnerable software versions

VLC Media Player: 2.2.7

External links
https://trac.videolan.org/vlc/ticket/18467

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Arch Linux update for vlc

Remote code execution in VideoLAN VLC media player