Type Conversion Vulnerability in VideoLAN VLC Media Player (CVE-2019-12874)

Type Conversion Vulnerability in VideoLAN VLC Media Player (CVE-2019-12874)

CVE-2017-17670 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.

Learn more about our Cis Benchmark Audit For Ibm I.