Do you want to uninstall VLC? Many websites say that this is probably the best solution, but according to the developers of the application, the alleged security gap is excessive, and may not be dangerous at all.
The problem started with its publication CVE-2019-13615, classified as a "critical" vulnerability with a score of 9,8 out of 10 (Heap Based Buffer Overflow Vulnerability).
VLC developers are unhappy that they did not even contact them before this bug was published.
This was probably not good. On the other hand, 9,8 out of 10 sounds like a nuclear disaster. This defect could lead to remote code execution, and they could gain control of your system through an error in VLC.
As the CVE states, this flaw requires the replication of a flaw archiveu MKV. In theory, if you download one malicious MKV file from thenetwork and run it, it could compromise VLC although no one has reported this happening yet. Also, the macOS version of the app doesn't seem to be affected.
So, even if this defect is as bad as it sounds, you should be especially careful with MKV files. Do not download unreliable MKV files and do not run them with the popular application until an update is released.
But the update will probably be delayed, as the developers of the VLC application say no can reproduce the problem.
As the VLC developers explain in bug tracker of VideoLAN:
"We are sorry, but this error cannot be reproduced and does not crash VLC at all." - Jean-Baptiste Kempf
"If you read about the error in a news article claiming that there is a critical gap in VLC, I suggest you read the comment above first and review your (fake) news sources." - Francois Cartegnie
"It does not crash the regular version of VLC 3.0.7.1" - Jean-Baptiste Kempf.
We are waiting for the answer of the researchers who discovered the security gap. It will be interesting to see who is wrong.
