Candidate: CVE-2017-9301
PublicDate: 2017-05-29 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9301
 http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html
Description:
 plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media
 player 2.2.4 allows remote attackers to cause a denial of service (invalid
 read and application crash) or possibly have unspecified other impact via a
 crafted file.
Ubuntu-Description:
Notes:
 ratliff> fixes not available as of 2017-08-01
 mikesalvatore> fixes not available as of 2018-10-23
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mikesalvatore
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_vlc:
upstream_vlc: released (2.2.5.1-1)
precise/esm_vlc: DNE
trusty_vlc: ignored (reached end-of-life)
trusty/esm_vlc: DNE (trusty was deferred [2019-04-23])
vivid/stable-phone-overlay_vlc: DNE
vivid/ubuntu-core_vlc: DNE
xenial_vlc: ignored (end of standard support, was deferred [2019-04-23])
yakkety_vlc: ignored (reached end-of-life)
zesty_vlc: ignored (reached end-of-life)
artful_vlc: ignored (reached end-of-life)
bionic_vlc: not-affected (3.0.3-1-1ubuntu1)
cosmic_vlc: not-affected (3.0.3-1-1ubuntu1)
disco_vlc: not-affected (3.0.3-1-1ubuntu1)
eoan_vlc: not-affected (3.0.3-1-1ubuntu1)
focal_vlc: not-affected (3.0.3-1-1ubuntu1)
groovy_vlc: not-affected (3.0.3-1-1ubuntu1)
hirsute_vlc: not-affected (3.0.3-1-1ubuntu1)
impish_vlc: not-affected (3.0.3-1-1ubuntu1)
jammy_vlc: not-affected (3.0.3-1-1ubuntu1)
devel_vlc: not-affected (3.0.3-1-1ubuntu1)