CVE-2019-13615: VideoLAN VLC code execution vulnerability alert

The German network security agency CERT-Bund is responsible for organizing the country’s computer security-related emergency response, and they recently discovered a critical flaw in the popular VLC media player. As we all know, VLC is a cross-platform compatible media player with a total download of more than 3 billion, which makes this vulnerability even more dangerous.

CERT-Bund classified the vulnerability (formally recorded as CVE-2019-13615) as an “advanced” (level 4) vulnerability, which is the agency’s second-highest risk assessment level. A CVSS v3.0 score for this flaw is 9.8 CRITICAL. The vulnerability is very dangerous, allowing an attacker to not only execute code remotely, but also to lead to unauthorized disclosure of information, unauthorized file modifications, and service interruptions. The latest VLC version, 3.0.7.1 is also vulnerable.

VLC is currently creating a fix. CERT-Bund said that there are no known cases of attackers exploiting this vulnerability, but it may be a good idea to circumvent the use of VLC until the vulnerability is fixed.