VDB
CVE-2014-9598
CVE-2014-9598
PUBLISHED
CVSS 6.800000190734863 MEDIUM
The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.
EPSS 18.63% · 95.4th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
18.63%
95.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| videolan | vlc_media_player | 2.1.5 |
Timeline
- Jan 21, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html url
- https://trac.videolan.org/vlc/ticket/13390 url
- 20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597) mailing-list
- GLSA-201603-08 vendor-advisory
- https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt url
- https://nvd.nist.gov/vuln/detail/CVE-2014-9598 advisory