LASER_oneXM

A German cybersecurity agency, CERT-Bund, which is responsible for organising the country's response to any computer emergencies, has recently discovered what it describes as a critical flaw in the popular VLC Media Player.

VLC is known to be a highly compatible media player, and thus boasts an impressive total of over 3 billion downloads, making this vulnerability all the more dangerous. CERT-Bund classified the vulnerability, officially logged as CVE-2019-13615, as a "High" (Level 4) exploit, which is the second-highest risk assessment level used by the agency.

The exploit is rather nasty: it not only allows attackers to execute code remotely but also allows for unauthorised disclosure of information, unauthorised modification of files and disruption of service.
 

Gandalf_The_Grey

'Critical' vulnerability discovered in VLC on Linux and Windows -- but VideoLAN says it is not reproducible:

And on Ghacks:
Confusion about a recently disclosed vulnerability in VLC Media Player - gHacks Tech News
 

silversurfer

A recent security alert caused a panic where people thought the VLC Media Player was affected by a critical vulnerability that had no patch. The problem is that the vulnerability was not in VLC, but rather in a module that was replaced over 16 months ago.