Recently, news has been circulating online that Germany's national Computer Emergency Response Team, CERT-Bund, has identified a buffer-overflow issue in the latest version of the VLC player. A buffer overflow is a memory-related issue that arises when the checks on the size of data written into a buffer are not implemented properly. It's a bit of a techy term for a non-techy person to understand.
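To make the term concrete, here is an added example (not VLC's code) of the kind of size check a file parser must enforce when it reads a length field from an untrusted file; the chunk layout and the sample bytes are constructed for illustration only.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical chunk layout, constructed for this example (not VLC's real format):
 *   1 byte  tag
 *   1 byte  declared payload length
 *   N bytes payload
 */
#define PAYLOAD_CAP 16

typedef struct {
    uint8_t tag;
    uint8_t len;
    uint8_t payload[PAYLOAD_CAP];   /* fixed-size destination buffer */
} chunk_t;

/* Returns 0 on success, -1 if the chunk is malformed.  The two size checks are
 * exactly the "buffer content size conditions" a parser must get right: the
 * declared length must fit in the remaining input AND in the destination buffer.
 * Copying without them is how a manipulated file overflows a buffer. */
int parse_chunk(const uint8_t *in, size_t in_len, chunk_t *out)
{
    if (in == NULL || out == NULL || in_len < 2)
        return -1;                      /* header itself is truncated */
    uint8_t len = in[1];
    if ((size_t)len > in_len - 2)
        return -1;                      /* length claims more bytes than the file holds */
    if (len > PAYLOAD_CAP)
        return -1;                      /* length exceeds our buffer: the overflow case */
    out->tag = in[0];
    out->len = len;
    memcpy(out->payload, in + 2, len);  /* safe: len <= PAYLOAD_CAP and <= available input */
    return 0;
}

int main(void)
{
    chunk_t c;
    /* Constructed benign chunk: tag 0x01 with 4 payload bytes. */
    const uint8_t good[] = {0x01, 0x04, 'a', 'b', 'c', 'd'};
    /* Constructed hostile chunk: declares 0xFF payload bytes but carries only 2. */
    const uint8_t bad[]  = {0x01, 0xFF, 'x', 'y'};
    printf("good chunk: %d\n", parse_chunk(good, sizeof good, &c));
    printf("bad chunk:  %d\n", parse_chunk(bad, sizeof bad, &c));
    return 0;
}
```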

How can it affect you?

The VLC player is open source and 3.1 billion users use it for watching movies and videos. An attacker can exploit this issue with a manipulated video or other VLC-supported file. A manipulated file can execute arbitrary code on your device by means of the VLC player, causing denial of service, stealing or disclosing private information, or manipulating other system files.

How to be safe?

  1. You can temporarily avoid using VLC until the patch is released.
  2. Make sure the video files you open in VLC come from trusted sources.
  3. Stop using VLC with torrent-downloaded files, as these are the most dangerous.
  4. Keep watch for updates, then download and install the patched version.

VLC player was already dealing with the remote code execution vulnerability (CVE-2019-13615), and it got a second shot in a row with a buffer overflow vulnerability. This vulnerability has been rated near the top of the scales given below:

CERT-Bund rated 4/5
NIST-NVD rated 9.8/10

How to download it safely?

  1. Currently, the affected VLC player versions are 3.0.7.1 and earlier.
  2. You are strongly recommended to wait for the development team to release a patched version.
  3. Don't download it from untrusted sites, as hackers will trick you into downloading a malicious setup file by giving it the name of the latest version.
  4. VLC Player must be downloaded from its trusted source. (VLC Player Download – Trusted Source)

[Screenshot: VLC Player Download – Vulnerable/Affected Version]

Do share this post to make others aware; a share costs nothing but can secure 1000s…