Last year, the European Union launched a program to sponsor security work on popular open source software that the EU itself uses. Most open source projects have limited funds and cannot run a bug bounty program of their own. The EU provides a 6.68 million vulnerability bounty program for these projects; security researchers worldwide are free to submit vulnerabilities and receive bounties.
With money on the table, the VLC player drew the attention of many security researchers, who actively looked for flaws after the European Union launched this bounty program. Over the past few months, security researchers have found a total of 33 security vulnerabilities in VLC, including 2 high-severity issues.
To resolve these vulnerabilities, VLC has released the 3.0.7 update. This version adds no new features; it consists purely of bug fixes. VLC recommends that all users upgrade immediately.
The high-risk vulnerabilities comprise an out-of-bounds write and a stack buffer overflow, but the details of these vulnerabilities have not been published. One security researcher submitted 13 bugs for a total of $13,265.02 in paid bounties.