VYPR
High severity8.8NVD Advisory· Published Dec 15, 2017· Updated Jun 17, 2026

CVE-2017-17670

CVE-2017-17670

Description

In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • VideoLAN/VLC media playerinferred3 versions
    <=2.2.8+ 2 more
    • (no CPE)range: <=2.2.8
    • cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*range: <=2.2.8
    • (no CPE)range: <=2.2.8
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

4

News mentions

1