Type Conversion Vulnerability in VideoLAN VLC Media Player (CVE-2019-12874)
CVE-2017-17670 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.
Learn more about our Cis Benchmark Audit For Ibm I.