VLC Media Player: vulnerability in the popular application

A critical security vulnerability in VLC Media Player, recently discovered by Germany's CERT-Bund, allows remote code execution.

The vulnerability exists in VLC Media Player since version 3.0.7.1, and is described in the bulletin CVE-2019-13615. Version 3.0.7.1 is the latest fixed version of the application.

“VideoLAN VLC 3.0.7.1 media player may have an overloaded temporary buffer on mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called by mkv::Open in modules/demux/mkv/mkv.cpp”, reports the CVE.

According to the security bulletin, successful exploitation of the vulnerability allows unauthorized disclosure of information, unauthorized modification of files, and interruption of service.

VideoLAN, the company behind the app, started developing an update about four weeks ago, according to a bug report that is available here.

At this time, there is no information on whether the vulnerability has been used in any attacks. However, now that the vulnerability has been publicly announced, there is a possibility that the number of attacks will increase, especially against high-profile individuals.

The vulnerability exists in several versions of VLC Media Player on almost all desktop platforms the application supports (Windows, Linux and UNIX). macOS does not appear to be affected by the bug.

If the application is installed on your system, it would be best to avoid using it, at least until the updated version containing the security patch is released. Until then you can use one of the following alternative applications:

PotPlayer, KMPlayer, Media Player Classic, ACG Player, GOM Media Player, Kodi etc.

______________________

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
