German cybersecurity agency identifies critical flaw in VLC Media Player

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A German cybersecurity agency, CERT-Bund, which is responsible for organising the country's response to any computer emergencies, has recently discovered what it describes as a critical flaw in the popular VLC Media Player.

VLC is known to be a highly compatible media player, and thus boasts an impressive total downloads of over 3 billion, making this vulnerability all the more dangerous. CERT-Bund classified the vulnerability, officially logged as CVE-2019-13615, to be a "High" (Level 4) exploit, which is the second-highest risk assessment level by the agency.

The exploit is rather nasty and allows attackers to not only execute code remotely but also allows for unauthorised disclosure of information, unauthorised modification of files and disruption of service.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
'Critical' vulnerability discovered in VLC on Linux and Windows -- but VideoLAN says it is not reproducible:

And on Ghacks:
Confusion about a recently disclosed vulnerability in VLC Media Player - gHacks Tech News
 
Last edited:

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
A recent security alert caused a panic where people thought the VLC Media Player was affected by a critical vulnerability that had no patch. The problem is that the vulnerability was not in VLC, but rather a module that was replaced over 16 months ago.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top