VLC player has a critical flaw – and there’s no patch yet

On the flip side, there are currently no known cases of the vulnerability being exploited in the wild



Germany’s national Computer Emergency Response Team (CERT-Bund) has issued a security advisory to alert users of VLC media player of a severe vulnerability affecting this extremely popular open-source software.


“A remote, anonymous attacker can exploit the vulnerability in VLC to execute arbitrary code, cause a denial-of-service condition, exfiltrate information, or manipulate files,” said CERT-Bund, which also discovered the security loophole.


The memory-corruption flaw is known to reside in the player’s latest release, 3.0.7.1, but may also be present in its earlier versions. It affects the program’s Windows, Linux and UNIX versions and has earned a score of 4 out of 5 on the German agency’s severity scale.


Meanwhile, the NIST National Vulnerability Database (NVD) rates the bug ‘critical’, with a score of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS) scale. It is caused by a heap-based buffer over-read and is classified under CWE-119. No system privileges and no user interaction are said to be needed for successful exploitation of the vulnerability, which is tracked as CVE-2019-13615.


That said, German tech website Heise.de not ..
