VLC Media Player Hit by Critical Security Flaw That Allows Remote Code Execution, VideoLAN Currently Working on a Patch

VideoLAN denies that the proof-of-concept video can crash the media player.

Advertisement
By Nadeem Sarwar | Updated: 24 July 2019 15:01 IST
Highlights
  • The security flaw is classified as critical with a risk rating of 9.8/10
  • Only Windows, Linux, and UNIX versions of VLC are affected
  • There is no word when the patch will be released
VLC Media Player Hit by Critical Security Flaw That Allows Remote Code Execution, VideoLAN Currently Working on a Patch

A patch is currently under development and is 60 percent complete

VLC - the popular open-source media player which recently clocked the 3 billion downloads milestone – is in the news again, but for the wrong reasons. A potentially serious security flaw has been discovered in the media player's PC version that leaves the door open for hackers to execute malicious code. The flaw in VLC can reportedly be exploited for launching a denial of service attack, corrupting files, stealing data, and do a lot more. However, there have been no reports so far of the flaw being exploited and a patch is currently under development.

The security flaw, which was reported by CERT-Bund, has been discovered in version 3.0.7.1 of VLC and currently has a NIST threat score of 9.8 out of 10, classifying it as critical. Labelled CVE-2019-13615 in the National Vulnerability Database, the latest VLC security flaw can be exploited by baiting users into playing a malicious MKV video file. Thus, while some reports urge users to uninstall VLC until the patch is rolled out, it's likely safe just not playing an untrusted MKV format file.

A report by The Register claims that a proof-of-concept video exploiting the vulnerability crashes the VLC media player. However, developer comments on the official VideoLAN bug tracking forum state that the VLC crash result cannot be reproduced in large, and is only functional when the ‘Loop One” feature is enabled on VLC's Windows version.

As for the risks, the flaw can be exploited by a malicious party to remotely execute a harmful code and do damage ranging from data theft to service disruption. So far, there have been no reports of the VLC security flaw being misused. Another thing to note here is that only Windows, UNIX, and Linux versions of VLC are affected by the vulnerability, and not its macOS client. VideoLAN said in a tweet that it was unhappy it wasn't contacted before the flaw was published by vulnerability trackers.

Advertisement

VideoLAN has acknowledged the issue and is currently working on a patch that is said to be 60 percent complete. Interestingly, the company behind VLC media player has denied that the bug can even be reproduced to crash VLC media player at all, and the same message has been relayed by a couple of VLC developers as well. However, we recommend readers to temporarily switch to another media player and come back to VLC after VideoLAN has released a patch to fix the security flaw.

 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: VLC, VLC Security Flaw
Asus 5Z Price in India Cut, Now Starts at Rs. 24,999
Huawei Mate 30 Pro Allegedly Spotted in Testing, Shows Wide Notch and Dramatically Curved Display
Advertisement

Related Stories

VLC Media Player Showcases AI-Powered Subtitle Generation, Translation Feature at CES 2025
13 January 2025
Nvidia Will Soon Bring RTX Video HDR to VLC Media Player and Video-Editing Software
3 June 2024
VLC App for iPhone Gets Support for Apple CarPlay, New Audio Playback UI in Latest Update: All Details
3 May 2023
VLC Media Player Website Block in India Lifted After VideoLAN Issues Legal Notice to DoT, MeitY
15 November 2022
VLC Media Player Developer VideoLAN Issues Legal Notice to DoT, MeitY Over Website Ban in India
4 October 2022

Tech News in Hindi »

More Technology News in Hindi »
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. NASA Satellite Detects Tree Leaf Changes as Early Volcano Eruption Warning Signal
#Latest Stories
  1. NASA Satellite Detects Tree Leaf Changes as Early Volcano Eruption Warning Signal
  2. Russian Researchers Discover 11 New Active Galactic Nuclei In Spektr-RG X-ray Survey
  3. New Study Reveals Recent Ice Gains in Antarctica, But Long-Term Melting Continues
  4. Astronomers Discover Teleios, A Supernova Remnant with Perfect Symmetry
  5. NASA’s SWOT Satellite Reveals Big Impact of Small Ocean Currents and Waves in n Marine Ecosystems
  6. Ironheart OTT Release Date: When and Where to Watch Marvel’s Upcoming Mini Series?
  7. NASA’s Europa Clipper Captures Stunning Infrared Image of Mars
  8. Captain America: Brave New World OTT Release Date: When and Where to Watch Marvel Movie Online?
  9. Iyer in Arabia Now Streaming on SunNXT: What You Need to Know About Shine Tom Chacko, Arfaz Iqbal Starrer Malayalam Comedy Film
  10. Manamey Tamil Version Now Streaming on Aha: Everything You Need to Know
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.