Installed on billions of computers, the star of multimedia players VLCC is the victim of a flaw in its latest version. While waiting for a patch to come online, it is therefore advisable not to install it.
CERT-Bund, the center of responses to cyberattacks from the German government, has unveiled a new flaw in the VLC media player, dubbed CVE-2019-13615. The US government agency NIST gives it a score of 9.8 out of 10, which is synonymous with a critical flaw. The problem is even more serious on such popular software.
A virus or a malicious person could exploit the overflow of the buffer (buffer overflow) to allow remote code execution and file access to the victim machine. The German agency notes, however, that it has not found any program authority exploiting this flaw.
A 60% fix completed
The flaw is for version 18.104.22.168 of the software, only the latest update. It is present on Windows and Linux operating systems, but would not affect the version on macOS. For those who still use an older version, it is advisable to wait until a patch is released before updating VLC.
An update should appear soon, the developers of VLC working on it for a month. A ticket has been posted on their bug tracking system, which indicates that the fix is already 60%. In the meantime, it’s better to limit yourself to source-safe multimedia files.