Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-9597: Improper Input Validation in VLC Media Player

Severity: 6.8 MEDIUM (NVD)
EPSS: 8.5% (top 7.62%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Jan 21
Latest update: May 17

Description

The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

Ubuntu videolan/vlc_media_player < 2.1.6-0ubuntu14.04.2

🔴 Vulnerability Details (3)

GHSA: GHSA-wmf4-pgrw-pc73: The picture_pool_Delete function in misc/picture_pool (2022-05-17)
OSV: CVE-2014-9597: The picture_pool_Delete function in misc/picture_pool (2015-01-21)
CVEList: CVE-2014-9597: The picture_pool_Delete function in misc/picture_pool (2015-01-21)

💥 Exploits & PoCs (1)

Exploit-DB: VideoLAN VLC Media Player 2.1.5 - DEP Access Violation (2015-01-26)