Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-9598 — Improper Input Validation in VLC Media Player

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

18.6%

top 4.72%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Videolan VLC Media Player

Timeline

PublishedJan 21

Latest updateMay 17

Description

The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDvideolan/vlc_media_player2.1.5

🔴Vulnerability Details

GHSA

GHSA-56pr-6ff4-492c: The picture_Release function in misc/picture↗2022-05-17

▶

CVEList

CVE-2014-9598: The picture_Release function in misc/picture↗2015-01-21

▶

💥Exploits & PoCs

Exploit-DB

VideoLAN VLC Media Player 2.1.5 - Write Access Violation↗2015-01-26

▶