A critical security flaw in VLC Media Player has recently been discovered by German cybersecurity watchdog CERT-Bund, which warns that a successful attack would allow for remote code execution.
According to the official CVE-2019-13615 entry, the vulnerability exists in VLC Media Player version 18.104.22.168, which is the latest stable release of the application.
“VideoLAN VLC media player 22.214.171.124 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp,” the CVE notes.
According to the document, a successful exploit of the vulnerability allows for unauthorized disclosure of information, unauthorized modification of files, and disruption of service.
Patch already in the works for all platforms
Parent company VideoLAN has already started the development of a patch approximatel…