Researchers find vulnerability in VLC that enables remote code execution – update
Researchers have discovered a vulnerability in the media player VLC that allows remote code execution. According to the discoverers, it is a buffer overflow vulnerability. VLC is now working on a patch, but it is not yet available.
Researchers at the German security agency CERT-Bund discovered the vulnerability, which has been assigned the identifier CVE-2019-13615. The vulnerability is present in the latest stable version of VLC Media Player, version 3.0.7.1, and in earlier versions. It allows remote code execution on a victim's system. It could also be used to steal information from a system or to modify files, for example by encrypting them. According to the researchers, it is a heap-based buffer overflow and occurs in all versions of VLC.
VideoLAN, the organisation behind the media player, started work on a patch a month ago. According to the project's bug tracker, that work is about sixty percent complete. It is not known whether the vulnerability has been actively exploited.
Update 25-07: VideoLAN has responded to the report, stating that the vulnerability was in outdated third-party libraries. We have written a follow-up article.