CVE-2014-9598 (retired)

Priority
Description
The picture_Release function in misc/picture.c in VideoLAN VLC media player
2.1.5 allows remote attackers to execute arbitrary code or cause a denial
of service (write access violation) via a crafted M2V file.
Notes
 sarnold> vlc claims the bug is in libav, but also say "the 2.2.0-rc2
  binaries already fix the problem"
 mdeslaur> as of 2015-05-08, no indication of a libav fix
 mdeslaur> can't reproduce with vlc 2.1.6 in trusty, or with precise
Package
Source: vlc (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
More Information

Updated: 2019-03-26 12:13:53 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)