"VideoLAN VLC media player 126.96.36.199 has a heap-based buffer over-read in mkv :: demux_sys_t :: FreeUnused () in modules / demux / mkv / demux.cpp when called from mkv :: Open in modules / demux / mkv / mkv.cpp, "CVE report notes.
According to WinFuture, the problem exists in the Windows, Linux and UNIX versions of the program, while the macOS version appears to be unaffected.
VLC Media Player's developer, the non-profit organization VideoLAN, is currently working on a patch that it says is now 60 percent complete. The organization has been working on the fix for the past four weeks, according to its bug report.
Last month, VideoLAN released the largest single security update for VLC Media Player in its history. The update contained fixes for a total of 33 security issues, two of which were rated critical, 21 medium and 10 low.
The first critical error, indexed as CVE-2019-12874, is an error in FAAD2, the MPEG-4 and MPEG-2 AAC decoder library used by VLC 3.0.6 and earlier.
The other critical error, indexed as CVE-2019-5439, is a stack buffer overflow. It is present in version 4.0.0 beta's Reliable Internet Stream Transport (RIST) support and can allow remote code execution (RCE) with the user's privileges.
VLC is a popular and widely used open source media player, with over three billion downloads worldwide. The application can play almost any multimedia format there is and is free to download and use.
July has been an especially busy time for patches and updates. Oracle released a tranche of over 300 last week, while Microsoft's Patch Tuesday release addressed 77 vulnerabilities.
In the meantime, BlackBerry is rushing out a patch to fix errors in its Cylance anti-virus software.