“There have been four recent vulnerabilities disclosed that are loosely related to the same area of code.” This isn’t the only VLC issue disclosed this month, according to Larry Trowell, principal consultant at Synopsys. According to NIST’s National Vulnerability Database, the vulnerability CVE-2019-13615 in the media player “has a heap-based buffer over-read.” If exploited, an attacker could gain remote access and potentially disclose information, manipulate files or create a denial-of-service state. “In general, VLC does not have a good reputation in the security industry as they regularly will leave vulnerable pre-compiled executables for download despite having patched them in the latest source code,” said Craig Young, computer security researcher for Tripwire’s vulnerability and exposure research team (VERT). “Video players are a frequent target for file format exploits due to the inherent complexity of parsing multimedia files.” “I absolutely would not recommend that anyone access untrusted content with VLC due to the high risk of memory corruption vulnerabilities.” “This is just one in a long and constant stream of flaws in VLC.” The latest edition of nonprofit VideoLAN’s VLC media player software has what German agency CERT-Bund is calling a serious security flaw that allows hackers to install and run software without user knowledge, according to NewsX.