CVE-2014-9598

Published: 21/01/2015 Updated: 14/02/2024
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote malicious users to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.

Vulnerable Product

videolan vlc media player 2.1.5

Exploits

Title: VLC Player 2.1.5 Write Access Violation Vulnerability
Discoverer: Veysel HATAS (@muh4f1z)
Web page: www.binarysniper.net
Vendor: VideoLAN VLC Project
Test: Windows XP SP3
Status: Fixed
Severity: High
CVE ID: CVE-2014-9598 <cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9598>
NIST: web.nvd.nist.gov/view/vuln/detail? ...

Recent Articles

Video nasty: Two big bugs in VLC media player's core library
The Register • Darren Pauli • 20 Jan 2015

Flaws disclosed in late December await exploitation

A Turkish hacker has revealed two zero-day vulnerabilities in library code used by the popular VLC media player and others. The data execution prevention (CVE-2014-9597) and write access (CVE-2014-9598) violation vulnerabilities could lead to arbitrary code execution, researcher Veysel Hatas said in a post. "VLC Media Player contains a flaw that is triggered as user-supplied input is not properly sanitised when handling a specially crafted FLV" or M2V file, Hatas said. "This may allow a context-...