A critical security vulnerability in VLC Media Player recently discovered by the German CERT-Bund allows for remote code execution.
The vulnerability has existed in VLC Media Player since version 3.0.7.1, and is described in the bulletin CVE-2019-13615. Version 3.0.7.1 is the latest fixed version of the application.
“VideoLAN VLC 3.0.7.1 media player may have an overloaded temporary buffer on mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called by mkv::Open in modules/demux/mkv/mkv.cpp”, reports the CVE.
According to the security bulletin, the successful exploitation of the vulnerability allows the unauthorized disclosure of information, the unauthorized modification of files and the termination of the service.
VideoLAN, the company behind the app, started developing an update about four weeks ago, according to an error report that is available here.
At this time, there is no information on whether the vulnerability has been used in any attacks. However, now that the vulnerability has been publicly announced, there is a possibility that the number of attacks will increase, especially against high-profile individuals.
The vulnerability exists in several versions of VLC Media Player for almost all desktop platforms of the application (Windows, Linux and UNIX). MacOS does not appear to be affected by the error.
If you use the application on your system, you should avoid using it, at least until the improved version containing the security patch is announced. Until then you can use one of the following alternative applications:
PotPlayer, KMPlayer, Media Player Classic, ACG Player, GOM Media Player, Kodi etc.