CVE-2014-9597

Published: Jan 21, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.

Affected (1)

Products: Videolan: Vlc Media Player

Videolan

1 product

Vlc Media Player

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Videolan Vlc Media Player	Version 2.1.5

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://seclists.org/fulldisclosure/2015/Jan/72

Source: cve@mitre.org

http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html

Source: cve@mitre.org

URL Repurposed

https://security.gentoo.org/glsa/201603-08

Source: cve@mitre.org

https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt

Source: cve@mitre.org

https://trac.videolan.org/vlc/ticket/13389

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/Jan/72