The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote malicious users to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.
Vulnerable Product |
---|
VideoLAN VLC media player 2.1.5 |
Flaws disclosed in late December await exploitation
A Turkish hacker has revealed two zero-day vulnerabilities in library code used by the popular VLC media player and others. The data execution prevention (CVE-2014-9597) and write access (CVE-2014-9598) violation vulnerabilities could lead to arbitrary code execution, researcher Veysel Hatas said in a post. "VLC Media Player contains a flaw that is triggered as user-supplied input is not properly sanitised when handling a specially crafted FLV" or M2V file, Hatas said. "This may allow a context-...