Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9597

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-9597
Last Modified 22 Jan 2015 10:43:56
Published 21 Jan 2015 10:17:08
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-9597

Summary

The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.

Vulnerable Systems

Application

  • Videolan Vlc Media Player 2.1.5


References

MISC - https://trac.videolan.org/vlc/ticket/13389

MISC - https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt

MISC - http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html

FULLDISC - 20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597)


Last Updated: 27 May 2016 11:07:36