VLC Media Player vulnerability to the popular application

A critical security vulnerability in VLC Media Player recently discovered by the German CERT-Bund, allows remote implementation code.

The vulnerability exists in VLC Media Player since version 3.0.7.1, and is described in the bulletin CVE-2019-13615. Version 3.0.7.1 is the latest fixed version of the application.

“VideoLAN VLC 3.0.7.1 media player may have an overloaded temporary buffer on mkv :: demux_sys_t :: FreeUnused () in modules / demux / mkv / demux.cpp when called by mkv :: Open in modules / demux / mkv / mkv.cpp ”, reports the CVE.

According to the security bulletin, the successful exploitation of the vulnerability allows the unauthorized disclosure of information, the unauthorized modification of files and the termination of the service.

VideoLAN, the company behind the app, has already started developing an update about four weeks ago, according to an error report that is available here.

So far, there aren't any information on whether the vulnerability has been used for any attacks. However, now that the vulnerability has been publicly announced, there is a possibility that the number of attacks will increase, especially on high-profile individuals.

The vulnerability exists in several versions of VLC Media Player for almost all desktop platforms of the application (Windows, Linux and UNIX). The functional macOS does not appear to be affected by the bug.

If you use the application on your system, you should avoid it, at least until the improved version containing the security patch is announced. Until then you can use one of the following alternative applications:

PotPlayer, KMPlayer, Media Player Classic, ACG Player, GOM Media Player, Kodi etc.

______________________

VLC Media Player vulnerability to the popular application

every publication, directly to your inbox

Written by giorgos

Leave a reply Ακύρωση απάντησης

every publication, directly to your inbox

spread the news

Leave a reply Ακύρωση απάντησης