A critical security flaw in VLC Media Player has recently been discovered by German cybersecurity watchdog CERT-Bund, who warns that a successful attack would allow for remote code execution.
The vulnerability exists in VLC Media Player version 22.214.171.124, according to the official CVE-2019-13615, which is the latest stable release of the application.
According to the document, a successful exploit of the vulnerability allows for unauthorized disclosure of information, unauthorized modification of files, and disruption of service.
Patch already in the works for all platforms
Parent company VideoLAN has already started the development of a patch approximately four weeks ago, according to a bug report. The fix is already 60 percent complete, as per the work status indicator on this page.
At the time of writing this article, there are no details as to whether the vulnerability has been used in the wild for any attacks. However, now that the security flaw is public, there’s a chance the number of attacks could grow, especially against high-profile victims.
VLC Media Player is one of the best, and at the same time, one of the most popular applications of its kind, being able to play nearly every single multimedia format out there. It is available cross-platform and is offered at absolutely no cost, which makes it a must-have for a substantial number of users, regardless of the operating system or device.
Submitted by: Arnfried Walbrecht