{"id":"UBUNTU-CVE-2014-9597","details":"The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.","modified":"2026-04-22T09:55:50.024804Z","published":"2015-01-21T15:17:00Z","upstream":["CVE-2014-9597"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-9597"},{"type":"REPORT","url":"http://seclists.org/fulldisclosure/2015/Jan/72"},{"type":"REPORT","url":"http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2014-9597"}],"affected":[{"package":{"name":"vlc","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/vlc@2.1.6-0ubuntu14.04.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.6-0ubuntu14.04.2"}]}],"versions":["2.0.8-1","2.1.1-1","2.1.2-1","2.1.2-2","2.1.2-2build1","2.1.2-2build2","2.1.4-0ubuntu14.04.1","2.1.6-0ubuntu14.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libvlc5","binary_version":"2.1.6-0ubuntu14.04.2"},{"binary_name":"libvlccore7","binary_version":"2.1.6-0ubuntu14.04.2"},{"binary_name":"vlc","binary_version":"2.1.6-0ubuntu14.04.2"},{"binary_name":"vlc-data","binary_version":"2.1.6-0ubuntu14.04.2"},{"binary_name":"vlc-nox","binary_version":"2.1.6-0ubuntu14.04.2"},{"binary_name":"vlc-plugin-fluidsynth","binary_version":"2.1.6-0ubuntu14.04.2"},{"binary_name":"vlc-plugin-jack","binary_version":"2.1.6-0ubuntu14.04.2"},{"binary_name":"vlc-plugin-notify","binary_version":"2.1.6-0ubuntu14.04.2"},{"binary_name":"vlc-plugin-pulse","binary_version":"2.1.6-0ubuntu14.04.2"},{"binary_name":"vlc-plugin-sdl","binary_version":"2.1.6-0ubuntu14.04.2"},{"binary_name":"vlc-plugin-svg","binary_version":"2.1.6-0ubuntu14.04.2"},{"binary_name":"vlc-plugin-zvbi","binary_version":"2.1.6-0ubuntu14.04.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-9597.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"medium"}]}