Home Hacking News Critical VLC Media Player Vulnerability Discovered By German Researchers
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

Critical VLC Media Player Vulnerability Discovered By German Researchers

by Abeerah Hashim
written by Abeerah Hashim
VLC Media Player vulnerabilities

The popular media playing software VLC was recently found to have a critical security flaw. Upon exploit, this flaw can allow potential attackers to execute remote code and conduct other malicious activities. The vendors are presently working on a fix for this VLC Media Player vulnerability.

VLC Media Player Vulnerability

Researchers from German cybersecurity firm CERT-Bund have spotted a critical security flaw in VLC Media Player. This flaw, upon exploit, can lead to serious consequences.

As stated in their advisory [translated],

A remote, anonymous attacker can exploit a vulnerability in VLC to execute arbitrary code, create a denial of service state, disclose information, or manipulate files.

The vulnerability has received the CVE number CVE-2019-13615 with a CVSS v3.0 base score of 9.8. This critical security flaw is basically a heap-based buffer over-read affecting the software. As per its analysis description,

VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp.

This security flaw allegedly affects the software across all major operating systems, including Windows, Linux, and Unix.

Patch On The Way

VLC has confirmed the presence of the security flaw. The vendors are presently working to fix this VLC Media Player vulnerability. However, until the time of writing this article, the work status merely shows a 60% progress. That means the firm is still in the process of developing a patch.

The status of the fix for this flaw can be tracked via the ticket #22474.

For now, there seems no possible mitigation or workaround to stay safe from potential exploit. Therefore, the users of this popular media player should avoid using this tool for the time being.

VLC Media Player is popular open-source software. Owing to its seamless compatibility with major operating systems, and the support for most media files types, it is famous among the public. Presently, the website of the software shows over 3 billion downloads.

Take your time to comment on this article.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...