VLC Media Player: vulnerability in the popular application

A critical security vulnerability in VLC Media Player recently discovered by the German CERT-Bund allows for remote code execution.

The vulnerability exists in VLC Media Player since version 3.0.7.1, and is described in the bulletin CVE-2019-13615. Version 3.0.7.1 is the latest fixed version of the application.

"The media player VideoLAN VLC 3.0.7.1 may have an overflowed temporary buffer in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp," the CVE entry reports.

According to the security bulletin, successful exploitation of the vulnerability allows unauthorized disclosure of information, unauthorized modification of files, and disruption of the service.

VideoLAN, the company behind the app, started developing an update about four weeks ago, according to a bug report that is available here.

At this time, there is no information on whether the vulnerability has been used in any attacks. However, now that the vulnerability has been publicly announced, there is a possibility that the number of attacks will increase, especially against high-profile individuals.

The vulnerability exists in several versions of VLC Media Player, on almost all of the application's platforms (Windows, Linux and UNIX). macOS does not appear to be affected by the bug.

If you use the application on your system, you should avoid using it, at least until the improved version containing the security patch is announced. Until then, you can use one of the following alternative applications:

PotPlayer, KMPlayer, Media Player Classic, ACG Player, GOM Media Player, Kodi etc.

______________________

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
