Improper input validation in Videolan Vlc_media_player

CVE-2014-9597

The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.085 (92.5th percentile) — read the EPSS interpretation.

Affected products

Videolan Vlc_media_player — versions 2.1.5
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cve@mitre.org (URL Repurposed, x_refsource_MISC)
20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597) (mailing-list, x_refsource_FULLDISC)
GLSA-201603-08 (vendor-advisory, x_refsource_GENTOO)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)