

This isn’t the only VLC issue disclosed this month, according to Larry Trowell, principal consultant at Synopsys. According to NIST’s National Vulnerability Database, the vulnerability CVE-2019-13615 in the media player “has a heap-based buffer over-read.”

If exploited, an attacker could gain remote access and potentially disclose information, manipulate files or create a denial-of-service state.

“In general, VLC does not have a good reputation in the security industry as they regularly will leave vulnerable pre-compiled executables for download despite having patched them in the latest source code,” said Craig Young, computer security researcher for Tripwire’s vulnerability and exposure research team (VERT). “Video players are a frequent target for file format exploits due to the inherent complexity of parsing multimedia files. I absolutely would not recommend that anyone access untrusted content with VLC due to the high risk of memory corruption vulnerabilities. This is just one in a long and constant stream of flaws in VLC.”

The latest edition of nonprofit VideoLAN’s VLC media player software has what German agency CERT-Bund is calling a serious security flaw that allows hackers to install and run software without user knowledge, according to NewsX.
