Critical severity9.8NVD Advisory· Published Jun 30, 2017· Updated May 13, 2026

CVE-2017-10699

Description

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.

Affected products

VideoLAN/Vlc Media Player9 versions
cpe:2.3:a:videolan:vlc_media_player:2.2.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:videolan:vlc_media_player:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:2.2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:2.2.7:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

trac.videolan.org/vlc/ticket/18467nvdIssue TrackingVendor Advisory
www.securitytracker.com/id/1038816nvd
www.debian.org/security/2017/dsa-4045nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000