Want to uninstall VLC? Many websites say that this is probably the best solution, but according to its developers applications, the alleged security gap is exaggerated, and may not be dangerous at all.
The problem started with its publication CVE-2019-13615, που χαρακτηρίζεται σαν "κρίσιμη" vulnerability with a score of 9,8 out of 10 (Heap Based Buffer Overflow Vulnerability).
VLC developers are unhappy that they did not even contact them before this bug was published.
That probably wasn't good. On the other hand 9,8 out of 10 sounds like a nuclear disaster. This defect could lead to remote implementation code, and could gain control of your system through a bug in VLC.
As the CVE states, this flaw requires playing a faulty MKV file. In theory, if you download one malicious MKV file from the internet and run it, it could compromise VLC although no one has reported this happening yet. Also, the macOS version of the app doesn't seem to be affected.
So, even if this defect is as bad as it sounds, you should be especially careful with MKV files. Do not download unreliable MKV files and do not run them with the popular application until an update is released.
But the update will probably be delayed, as the developers of the VLC application say no can reproduce the problem.
As the VLC developers explain in bug tracker of VideoLAN:
"Λυπούμαστε, αλλά αυτό το σφάλμα δεν μπορεί να αναπαραχθεί και δεν συντρίβει καθόλου το VLC." - Jean-Baptiste Kempf
"Εάν διαβάσατε για το σφάλμα μέσω κάποιου ειδησεογραφικού άρθρου που ισχυρίζεται ότι υπάρχει ένα κρίσιμο κενό στο VLC, σας προτείνω να διαβάσετε πρώτα το παραπάνω σχόλιο και να επανεξετάσετε τις (ψεύτικες) πηγές ειδήσεών σας." - Francois Cartegnie
"Δεν συντρίβει την κανονική έκδοση του VLC 3.0.7.1" - Jean-Baptiste Kempf.
We are waiting for the answer of the researchers who discovered the security gap. It will be interesting to see who is wrong.
