The host is installed with VideoLAN VLC media player through 2.2.8 and is prone to a type conversion vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation could allow remote attackers to change the type of a box between a read operation and a free operation.