Updated (25.07.2019): According to VideoLAN, the developer of VLC, the player itself is not affected; the vulnerability is in the software library "libebml", which comes from a third party.
It was already fixed about a year and a half ago with version 3.0.3 of VLC. VideoLAN, however, accuses the MITRE Corporation of not having contacted the developers, which (not for the first time) violates MITRE's own rules.
This means the current version of the VLC player is not affected by the problem when using this particular software library, and the CERT advisory has since been corrected. The risk is no longer considered "high" but classified as "low".
About the "security problem" on #VLC: VLC is not vulnerable.
tl;dr: the problem is in a third-party library, called libebml, which was fixed more than 16 months ago.
VLC since version 3.0.3 has provided the correct version, and @MITREcorp did not even check their claim. Thread:
– VideoLAN (@videolan) July 24, 2019
Source: IT database
Original message (24.07.2019): Some of you probably use the VLC media player.
The Federal Office of Information Security (BSI) and the Federal Emergency Response Team (CERT) are currently warning of a serious security flaw.
Affected is version 3.0.7.1 of VLC Media Player for Linux, macOS and Windows; the risk is rated "high".
The vulnerability allows arbitrary code to be executed without user rights or special interaction. An attacker could "run any program code, create a denial of service state, disclose information, or manipulate files," writes the CERT.
The cause is an error in the player's MKV module. It is used to read files with .mka, .mkv, .mgs and .mk3d extensions.
As the CERT points out, it is not clear if older versions are affected and for how long the error may already exist.
The developer of VLC Media Player has been aware of the vulnerability for about a month and is working with the "highest priority" on a new version. It is not clear when it will be released.
Source: BSI, CERT, Spiegel Online