Critical vulnerability found in VLC Media Player

News by Doug Olenick

Germany's national Computer Emergency Response Team issued a security alert for a critical vulnerability in VLC Media Player

Germany’s national Computer Emergency Response Team (CERT Bund) has issued a security alert for a critical vulnerability in the VLC Media Player.

The memory corruption flaw, CVE-2019-13615, affects VLC 3.0.7.1 in Linux, UNIX, Windows and if exploited can allow an attacker to remotely execute arbitrary code, create a denial of service state, disclose information, or manipulate files, CERT Bund wrote.

There is no patch yet available, but ESET noted, "On the bright side, there are no known cases of the security hole being under active exploitation. Nevertheless, until the patch is shipped, perhaps the only workaround appears to be to refrain from using the player altogether."

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews