قالب وردپرس درنا توس
Home / Mac / VLC Media Player Critical Security Error Warning

VLC Media Player Critical Security Error Warning



  VLC Media Player Critical Security Error Warning "title =" VLC Media Player Critical Security Error Warning "src =" http://www.computing.co.uk/w-images/3ca2822e-84db-4f89 -b2f6 -beb5f14d6376 / 4 / VLCmediaplayer-580x358.jpg "/> 
 
<figcaption>
<p>
  VLC is a very popular media player application with more than three billion downloads worldwide
</p>
</figcaption></div>
<div>
<p>  Another critical vulnerability in VLC Media Player, which could allow hackers to access and modify data on devices, has been identified by the German security agency CERT-Bund. </p>
<p>  CERT-Bund has not yet observed the vulnerability exploited by nature by the attackers. The development will, however, almost certainly come forward in the coming days considering that the vulnerability is now public. In addition, a solution has not yet been released. </p>
<p>  The newly discovered error, indexed as CVE-201<div class=
9-13615, is found in the VLC Media Player version 3.0.7.1 – the latest version of the program, according to the CERT Bund. It is rated at 9.8 in the NIST's National Vulnerability Database, making it a critical vulnerability. The error allows remote code execution (RCE), unauthorized modification and disclosure of data / files, and disruption of service.

"VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv :: demux_sys_t :: FreeUnused () in modules / demux / mkv / demux.cpp when called from mkv :: Open in modules / demux / mkv / mkv.cpp, "CVE report notes.

According to WinFuture The problem exists in Windows, Linux and UNIX versions of the program, while the MacOS version seems apparently unaffected.

VLC Media Player's developer, non-profit organization VideoLAN, is currently working with a patch that it claims is now 60 percent complete. The company has been working on the solution for the past four weeks, according to the company's error report.

Last month, VideoLAN launched the largest single security update for VLC Media Player in its history. The update contained repairs for a total of 33 security issues, two of which were labeled critical, 21 medium and 10 characterized low.

The first critical error, indexed as CVE-2019-12874, is an error in the printer decoder library with FAAD2 MPEG-4 and MPEG-2 AAC used by VLC 3.0.6 and earlier.

The other critical error, indexed as CVE-2019-5439, is a stack buffer overflow error. It is available in version 4.0.0 Beta's reliable Internet power transport and can allow RCE to be at the user's privilege.

VLC is a popular and widely used open source media player, with over three billion downloads worldwide. The application can play almost any multimedia format that goes and is free to download and use.

July has been a special busy time for updates and updates. Oracle released a tranche of over 300 last week, while Microsoft's Christmas package on Tuesday addressed 77 vulnerabilities.

In the meantime, BlackBerry is rushing out a patch to fix errors in its Cylance anti-virus software.

Further reading


Source link