Your submission was sent successfully! Close

CVE-2014-9598

Published: 21 January 2015

The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.

Priority

Medium

Status

Package Release Status
vlc
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)

Notes

AuthorNote
seth-arnold
vlc claims the bug is in libav, but also say "the 2.2.0-rc2
binaries already fix the problem"
mdeslaur
as of 2015-05-08, no indication of a libav fix
can't reproduce with vlc 2.1.6 in trusty, or with precise

References

Bugs