
Critical RCE bug found in VLC Media Player

By Tom Grant
Published in OS
March 25, 2020

Specialists at the German CERT-Bund discovered a dangerous vulnerability in a popular media player that allows remote execution of arbitrary code. The fix is already in development, but not yet ready.

The problem reportedly affects the newest version of VLC Media Player, 3.0.7.1 (for Windows, Linux and UNIX), and has received the identifier [CVE-2019-13615](https://nvd.nist.gov/vuln/detail/CVE-2019-13615).

The vulnerability is a buffer over-read. The root of the bug lies in the mkv::demux_sys_t::FreeUnused() function in modules/demux/mkv/demux.cpp, which is triggered during a call from mkv::Open in modules/demux/mkv/mkv.cpp.

Exploiting the vulnerability can lead not only to the execution of arbitrary code, but also to unauthorized disclosure of information, file changes and denial of service.

According to the bug report, the VideoLAN developers have been working on a patch for this problem for almost a month, but the fix is not ready yet. Judging by the status indicator, the patch is currently only 60% ready.

At the moment, developers and researchers have no information that attackers are already exploiting this vulnerability. Unfortunately, now that data about the bug has been published, the situation can quickly change for the worse.


Tags

#vlc