Candidate: CVE-2014-9598
PublicDate: 2015-01-21 15:17:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9598
 http://seclists.org/fulldisclosure/2015/Jan/72
 http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html
Description:
 The picture_Release function in misc/picture.c in VideoLAN VLC media player
 2.1.5 allows remote attackers to execute arbitrary code or cause a denial
 of service (write access violation) via a crafted M2V file.
Ubuntu-Description:
Notes:
 seth-arnold> vlc claims the bug is in libav, but also say "the 2.2.0-rc2
  binaries already fix the problem"
 mdeslaur> as of 2015-05-08, no indication of a libav fix
 mdeslaur> can't reproduce with vlc 2.1.6 in trusty, or with precise
Bugs:
 https://trac.videolan.org/vlc/ticket/13390
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_vlc:
upstream_vlc: needs-triage
lucid_vlc: ignored (reached end-of-life)
precise_vlc: not-affected
trusty_vlc: not-affected
trusty/esm_vlc: DNE (trusty was not-affected)
utopic_vlc: not-affected (2.2.0-0ubuntu0.14.10.1)
vivid_vlc: not-affected (2.2.0-0ubuntu1)
devel_vlc: not-affected (2.2.0-0ubuntu1)