“The sky is falling; Uninstall VLC right now! "It is advisable that some sites provide. But the alleged VLC error is blown away – and according to VLC's developers, it may not be a real risk.
This commotion started with the publication of CVE-201
Hey @MITREcorp and @CVEnew the The fact that you NEVER contact us for VLC vulnerabilities for many years before publishing is really not cool; but at least you can check your information or check yourself before sending 9.8 CVSS vulnerability publicly …
– VideoLAN (@videolan) July 23, 2019
But that's bad, right ? That's 9.8 out of 10 – when security errors go, it sounds like an incoming nuclear attack. This error can apparently lead to remote code execution, which is poor. Attackers can gain control of your system through an error in VLC.
As CVE explains, this error requires playing a malformed MKV file. In theory, if you download a malicious MKV file from the web and run it, it can compromise VLC – even if no one claims this has ever happened in the real world. The MacOS version of VLC does not appear to be affected.
So even though this error is so bad, it looks, you just have to be careful about MKV files – don't download non-reliable MKV files and play them in VLC until a patch is released. Stay away from MKV if you pirate media.
But not so fast! VLC's developers say they can't even reproduce the problem and suggest that there are serious issues with the original exploitation report.
Have you checked this yourself?
No one can reproduce this problem here.
– VideoLAN (@Videolan) July 23, 2019
At the end of the day, it is probably a good idea to stay away from downloaded MKV files until VLC updates this error. But that's all you really need to do, and even being paranoid.
As VLC developers explain on VideoLAN bug tracker:
“Sorry, but this error is not reproducible and does not crash VLC at all. "-Jean-Baptiste Kempf
" If you land on this ticket through a news article claiming a critical error in VLC, I suggest you read the comment above and revise your (fake) news sources. "-Francois Cartegnie
" This does not crash a normal edition of VLC 184.108.40.206 "-Jean-Baptiste Kempf