VLC says the reported RCE vulnerability is incorrect and does not affect user security

Earlier, we mentioned that security agencies had issued warnings that high-risk vulnerabilities in the well-known open-source media player VLC affect hundreds of millions of users around the world. The organization that issued this warning was the German Federal Computer Emergency Response Center, and many news media published warnings of their own once the news was out. The warning stated that VLC’s high-risk vulnerabilities can lead to remote code execution, information leakage, and service interruption, and advised users to temporarily disable the VLC player.

Given that the vulnerability is extremely dangerous and VLC officials have not yet released a new version to fix it, many users of the player have also expressed concerns about security. However, VLC officially posted a message on Twitter saying that the vulnerability exists but is actually a problem in a third-party library. This library is mainly used to parse .EBML files. At present, the vulnerability in this library has been fixed; it has not caused serious harm and will not affect the security of users.

The VLC team even accused the German Federal Computer Emergency Response Center of issuing the alert without contacting the team beforehand and without verifying the actual information.