High severity8.8NVD Advisory· Published Dec 15, 2017· Updated Jun 17, 2026
CVE-2017-17670
CVE-2017-17670
Description
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<=2.2.8+ 2 more
- (no CPE)range: <=2.2.8
- cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*range: <=2.2.8
- (no CPE)range: <=2.2.8
Patches
Vulnerability mechanics
References
4- openwall.com/lists/oss-security/2017/12/15/1nvdExploitMailing ListThird Party Advisory
- www.securityfocus.com/bid/102214nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040938nvdThird Party AdvisoryVDB Entry
- www.debian.org/security/2018/dsa-4203nvdThird Party Advisory
News mentions
1- ABB Ability Camera ConnectCISA ICS Advisories