A vulnerability is a bug or design flaw in software that allows that software to be used in some malicious and unintended way.
All software has bugs, which are nothing more than mistakes made in the design or implementation of the software. Bugs can take many forms, from simply displaying something improperly, to crashing the application or entire machine.
When a bug can be intentionally triggered and in turn exploited for malicious purposes, that bug is termed a vulnerability.
The results of exploiting a vulnerability may have nothing to do with the software’s primary purpose. All that matters is that the vulnerability can somehow be used by malware – typically to infect the machine on which the software is running.