CVE-2014-9597 on Ubuntu 12.04 LTS (precise) - medium.
Description:
The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.