| Errata ID | 143 |
|---|---|
| Date | 2018-07-04 |
| Source package | vlc |
| Fixed in version | 3.0.2-0+deb9u1 |
| Description | This update addresses the following issues: * Type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation. (CVE-2017-17670) |
| Additional notes | New upstream release 3.0.2-0+deb9u1 following the LTS release branch. |
| CVE ID | CVE-2017-17670 |
| UCS Bug number | #47294 |
