Critical Flaw in VLC Media Player Discovered by German Cybersecurity Agency

A critical security flaw in VLC Media Player has recently been discovered by German cybersecurity watchdog CERT-Bund, who warns that a successful attack would allow for remote code execution.

The vulnerability exists in VLC Media Player version 3.0.7.1, according to the official CVE-2019-13615, which is the latest stable release of the application.

“VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp,” the CVE notes.

According to the document, a successful exploit of the vulnerability allows for unauthorized disclosure of information, unauthorized modification of files, and disruption of service.

Patch already in the works for all platforms

Parent company VideoLAN has already started the development of a patch approximatel… (read more)
Source: Latest News

Please follow and like us:

Leave a Reply

Your email address will not be published. Required fields are marked *