Errata overview
Errata ID 143
Date 2018-07-04
Source package vlc
Fixed in version 3.0.2-0+deb9u1
This update addresses the following issues:
* Type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4
  demux module leading to a invalid free, because the type of a box may be
  changed between a read operation and a free operation. (CVE-2017-17670)
Additional notes New upstream release 3.0.2-0+deb9u1 following the LTS release branch.
CVE ID CVE-2017-17670
UCS Bug number #47294