CVE-2014-9598

Published: Jan 21, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.

Affected (1)

Products: Videolan: Vlc Media Player

Videolan

1 product

Vlc Media Player

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Videolan Vlc Media Player	Version 2.1.5

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://seclists.org/fulldisclosure/2015/Jan/72

Source: cve@mitre.org

http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html

Source: cve@mitre.org

URL Repurposed

https://security.gentoo.org/glsa/201603-08

Source: cve@mitre.org

https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt

Source: cve@mitre.org

https://trac.videolan.org/vlc/ticket/13390

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/Jan/72