Technology News
  • Home
  • Apps
  • Apps News
  • VLC Media Player Hit by Critical Security Flaw That Allows Remote Code Execution, VideoLAN Currently Working on a Patch

VLC Media Player Hit by Critical Security Flaw That Allows Remote Code Execution, VideoLAN Currently Working on a Patch

VideoLAN denies that the proof-of-concept video can crash the media player.

By Nadeem Sarwar | Updated: 24 July 2019 15:01 IST
VLC Media Player Hit by Critical Security Flaw That Allows Remote Code Execution, VideoLAN Currently Working on a Patch

A patch is currently under development and is 60 percent complete

Highlights
  • The security flaw is classified as critical with a risk rating of 9.8/10
  • Only Windows, Linux, and UNIX versions of VLC are affected
  • There is no word when the patch will be released
Advertisement

VLC - the popular open-source media player which recently clocked the 3 billion downloads milestone – is in the news again, but for the wrong reasons. A potentially serious security flaw has been discovered in the media player's PC version that leaves the door open for hackers to execute malicious code. The flaw in VLC can reportedly be exploited for launching a denial of service attack, corrupting files, stealing data, and do a lot more. However, there have been no reports so far of the flaw being exploited and a patch is currently under development.

The security flaw, which was reported by CERT-Bund, has been discovered in version 3.0.7.1 of VLC and currently has a NIST threat score of 9.8 out of 10, classifying it as critical. Labelled CVE-2019-13615 in the National Vulnerability Database, the latest VLC security flaw can be exploited by baiting users into playing a malicious MKV video file. Thus, while some reports urge users to uninstall VLC until the patch is rolled out, it's likely safe just not playing an untrusted MKV format file.

A report by The Register claims that a proof-of-concept video exploiting the vulnerability crashes the VLC media player. However, developer comments on the official VideoLAN bug tracking forum state that the VLC crash result cannot be reproduced in large, and is only functional when the ‘Loop One” feature is enabled on VLC's Windows version.

As for the risks, the flaw can be exploited by a malicious party to remotely execute a harmful code and do damage ranging from data theft to service disruption. So far, there have been no reports of the VLC security flaw being misused. Another thing to note here is that only Windows, UNIX, and Linux versions of VLC are affected by the vulnerability, and not its macOS client. VideoLAN said in a tweet that it was unhappy it wasn't contacted before the flaw was published by vulnerability trackers.

VideoLAN has acknowledged the issue and is currently working on a patch that is said to be 60 percent complete. Interestingly, the company behind VLC media player has denied that the bug can even be reproduced to crash VLC media player at all, and the same message has been relayed by a couple of VLC developers as well. However, we recommend readers to temporarily switch to another media player and come back to VLC after VideoLAN has released a patch to fix the security flaw.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: VLC, VLC Security Flaw
Asus 5Z Price in India Cut, Now Starts at Rs. 24,999
Huawei Mate 30 Pro Allegedly Spotted in Testing, Shows Wide Notch and Dramatically Curved Display

Related Stories

VLC Media Player Hit by Critical Security Flaw That Allows Remote Code Execution, VideoLAN Currently Working on a Patch
Comment
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Lenovo Might Launch the First Laptop With Snapdragon X Elite: See Images
  2. OnePlus 11R Solar Red With 8GB RAM, 128GB Storage Debuts in India: See Price
  3. OTT Releases This Week: Rebel Moon Part 2, Article 370 and More
  4. Xiaomi 14 Series May Soon Get an 'AI Treasure Chest' With Several AI Tools
  5. Acer Predator Helios 16, Helios Neo 16 Updated With 14th Gen Intel Core CPUs
  6. Itel Super Guru 4G With YouTube, UPI Support Debuts in India: See Price
  7. 5 Reasons to Switch to the New Galaxy A55 5G, Galaxy A35 5G Today
  8. Vivo V30e to Debut in India on This Date; Key Features, Colours Revealed
  9. Nothing Phone 2 Gets NothingOS 2.5.5 Update With ChatGPT Integration
  10. EA Sports F1 24 Launch Date, Gameplay Features Announced With New Trailer
#Latest Stories
  1. Xiaomi 14 Series 'AI Treasure Chest' With Several AI Tools in Testing, Could Debut This Year: Report
  2. Redmi Note 13 5G Series HyperOS Update Based on Android 14 Begins Rolling Out in India
  3. YouTube Reportedly Rolling Out Support for 8K Resolution Videos on the Meta Quest
  4. Lenovo Yoga Slim 7 (2024) Design Spotted in Leaked Renders; Could Debut as First Snapdragon X Elite Laptop
  5. Samsung Galaxy Z Flip 6 With Snapdragon 8 Gen 3 SoC for Galaxy Allegedly Surfaces on Geekbench
  6. Itel S24 India Launch Teased; Confirmed to Come With 108-Megapixel Main Camera, MediaTek Helio G91 SoC
  7. BWA Lays Down Self-Regulatory Guidelines on Token Listings for Indian Crypto Exchanges
  8. Samsung Galaxy F15 5G With 8GB RAM, 128GB Storage Launched in India: Price, Offers
  9. OnePlus 11R 5G Solar Red Variant With 8GB RAM, 128GB Storage Launched in India
  10. Adobe Express Mobile App With Firefly AI Is Now Available Globally
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »