Germany’s national Computer Emergency Response Team (CERT
Bund) has issued a security alert for a critical vulnerability in the VLC Media
Player.
The memory corruption flaw, CVE-2019-13615, affects VLC
3.0.7.1 in Linux, UNIX, Windows and if exploited can allow an attacker to remotely
execute arbitrary code, create a denial of service state, disclose information,
or manipulate files, CERT Bund wrote.
There is no patch yet available, but ESET
noted, “On the bright side, there are no known cases of the security hole being
under active exploitation. Nevertheless, until the patch is shipped, perhaps
the only workaround appears to be to refrain from using the player altogether.”
Gloss