Do you want to uninstall VLC? Many websites say that this is probably the best solution, but according to the developers of the application, the alleged security gap is excessive, and may not be dangerous at all.
The problem started with its publication CVE-2019-13615, characterized as a "critical" vulnerability with a score of 9,8 out of 10 (Heap Based Buffer Overflow Vulnerability).
VLC developers are unhappy that they did not even contact them before this bug was published.
That probably wasn't good. On the other hand 9,8 out of 10 sounds like a nuclear disaster. This flaw could lead to remote execution code, and they could gain control of your system through a bug in VLC.
As the CVE states, this flaw requires the reptreatment of a defective MKV file. In theory, if you download one malicious αρχείο MKV από το Internet and run it, it could compromise VLC although no one has reported this happening yet. Also, the macOS version of the app doesn't seem to be affected.
So, even if this defect is as bad as it sounds, you should be especially careful with MKV files. Do not download unreliable MKV files and do not run them with the popular application until an update is released.
But the update will probably be delayed, as the developers of the VLC application say no can reproduce the problem.
As the VLC developers explain in bug tracker of VideoLAN:
"Sorry, but this error cannot be reproduced and does not crash VLC at all." – Jean-Baptiste Kempf
"If you read about the error in a news article claiming that there is a critical gap in VLC, I suggest you read the comment above first and review your (fake) news sources." - Francois Cartegnie
"It does not crash the regular version of VLC 3.0.7.1" - Jean-Baptiste Kempf.
We are waiting for the answer of the researchers who discovered the security gap. It will be interesting to see who is wrong.
