VLC Security Vulnerability

    VLC Security Vulnerability

    VLC Security Vulnerability


    Last Updated: 21 Jul 2019 at 07:07
    A serious Vulnerability has been found in the current version of the VLC media player. It can allow an attacker to remotely view and alter data, as well as execute code, on affected systems. VideoLan is working on a fix to be incorporated into the next version of VLC, but there's no ETA.

    Source: NVD - CVE-2019-13615
    Edwin's Avatar Posted By:

  1. Steve C's Avatar
    Posts : 6,671
    Windows 10 Pro 64 bit
       #1

    Does VLC have to be running to be vulnerable or just installed?
      My Computers

  2. JMedlock83's Avatar
    Posts : 617
    Windows 10 Pro x64
       #2

    It's a long shot if it happens. You have better chance of getting struck by lightning, honestly.
      My Computers

  3. jimbo45's Avatar
    Posts : 10,809
    Windows / Linux : Arch Linux
       #3

    Hi there
    If you are paranoid about this problem use another media player until it's fixed -- KODI plays everything VLC does and there are a whole slew of other ones. VLC is good and I'm sure a fix will be released quickly.

    Personally I'd never use any Windows OS for multi-media streaming or playing but that's an individuals choice -- VLC runs perfectly on a lot of Linux NAS systems, Android devices, smart TV's and things like Amazon fire sticks. All these OS'es have better protection against these sorts of exploits anyway and I really can't say I'd be bothered if someone wanted to hack into my Smart TV - nothing for them there !!!!.

    Cheers
    jimbo
      My Computer

  4. larc919's Avatar
    Posts : 3,188
    Windows 10 Pro x64
       #4

    jimbo45 said:
    If you are paranoid about this problem use another media player until it's fixed -- KODI plays everything VLC does and there are a whole slew of other ones. VLC is good and I'm sure a fix will be released quickly.
    There are even a few such as PotPlayer that I feel are better than VLC.
      My Computer

  5. TairikuOkami's Avatar
    Posts : 4,908
    Windows 11 Home Dev 22xxx
       #5

    Steve C said:
    Does VLC have to be running to be vulnerable or just installed?
    Most likely running, since it is caused by buffer overflow.
    VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp.
    As for the remote exploitation, I wonder if a firewall would help? We will see, once full details are disclosed.
      My Computer

  6. Callender's Avatar
    Posts : 4,409
    21H1 64 Bit Home
       #6

    larc919 said:
    There are even a few such as PotPlayer that I feel are better than VLC.
    Ditto on that. Potplayer with MadVR plugin is better.
      My Computer

  7. Ground Sloth's Avatar
    Posts : 345
    Windows 10
       #7

    VLC engineers are saying that the issue is in a third-party library, and it was fixed over 16 months ago.

    VideoLAN (@videolan) | Twitter

      My Computer

  8. Ground Sloth's Avatar
    Posts : 345
    Windows 10
       #8

    The CVSS v3.0 base score, which measures the overall severity of a vulnerability, was changed from 9.8 (critical) to 5.5 (medium).

    NVD - CVE-2019-13615
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 06:01.
Find Us




Windows 10 Forums