Reports that 'VLC media player is vulnerable' are a false alarm, developer VideoLAN says in a statement



VideoLAN, the developer of VLC media player, has responded on Twitter to reports of a critical vulnerability in VLC media player, stating that the vulnerability has already been fixed and that the coverage is mistaken.




On July 19, 2019, CERT-Bund, the emergency response team of Germany's Federal Office for Information Security (BSI), announced that a vulnerability had been discovered in the free software VLC media player that could allow remote arbitrary code execution and file manipulation. The vulnerability was registered in MITRE's Common Vulnerabilities and Exposures (CVE) database and in the National Vulnerability Database (NVD) of the National Institute of Standards and Technology (NIST), and was rated as a critical issue.

Unusual Media Player 'VLC' finds vulnerability to enable PC hijacking - GIGAZINE



However, according to VideoLAN's official Twitter account, the reported vulnerability does exist, but it lies in a third-party library, 'libebml', and was fixed more than 16 months ago. VLC media player itself has been fixed since version 3.0.3. VideoLAN therefore reports that it could not confirm or reproduce the vulnerability in the latest version, 3.0.7.1.

VideoLAN pointed out that the vulnerability should already have been fixed, saying, 'The reporter is using an older version of Ubuntu 18.04 and the library update is incomplete.' VideoLAN sent an inquiry email to CERT-Bund but received no reply.



Even though it had already been fixed, the vulnerability was reported to and registered in CVE and NVD. According to VideoLAN, there have been a number of cases in which VLC media player vulnerabilities were registered in CVE without MITRE contacting VideoLAN, and this has led VideoLAN to distrust MITRE. VideoLAN also criticizes Gizmodo, an overseas media outlet that urged readers to 'uninstall immediately'.

in Software, Posted by log1i_yk