The Latest VLC Media Player Update Comes with a Critical Security Fix
VideoLAN has recently released a new version of VLC Media Player that comes to resolve a critical security vulnerability that could eventually allow for remote code execution.
The update, which brings VLC to version 3.0.11 on Linux, Windows, and Mac, specifically targets the vulnerability documented in CVE-2020-13428 and which only affects the desktop client.
VideoLAN explains that a potential exploit can use a specifically crafted file which when launched with VLC Media Player can trigger a buffer overflow in the H26X packetizer.
In most of the cases, the whole thing would just cause the application to crash, which albeit isn’t something very convenient, is not really that dangerous. But on the other hand, VideoLAN warns that a more complex attack could actually lead to an RCE attack and a potential leak of user information.
Don’t open files or streams from untrusted sources
The good news is that no RCE attacks have been recorded so far, so it’… (read more)