VLC Media Player 3.0.11 Released: Severe Remote Code Execution Flaw Fixed
VLC Player update includes fixes for remote code execution flaws
Reportedly, the VideoLan has released a new version of its widely used media player named VLC Media Player 3.0.11 that is available for different platforms like Windows, Mac, and Linux as well. This new update includes various bug fixes and improvements, however it also has fixed security vulnerability that could lead hackers to execute commands or crash VLC on vulnerable computers.
The aforementioned vulnerability in VLC is tracked as CVE-2020-13428 and is also called as “buffer overflow in VLC’s H26X packetizer” which would allow hackers to execute various commands, and that’s too under same security level as the user do, but if those vulnerabilities are properly exploited.
According to what VideoLan’s reports, this mentioned vulnerability can be exploited by creating a specially developed file and enforcing a targeted user to click the file to open with VLC.
Further, the company has to say that the vulnerability will surely lead the player to crash, however it could also be used by attackers as mentioned to execute commands on remote basis. Here’s the statement of VideoLan:
“If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user. While these issues in themselves are most likely to just crash the player, we can't exclude that they could be combined to leak user informations or remotely execute code. ASLR and DEP help reduce the likelyness of code execution, but may be bypassed. We have not seen exploits performing code execution through these vulnerability”
Since the discussed vulnerabilities and its disclosure to public regarding problematic code, all users are suggested to download and install the latest version of VLC on their machine. Here mentioned the full change log for newer version:
Fixes HLS regressions Fixes a potential crash on startup on macOS Fixes imprecise seeking in m4a files Fixes resampling on Android Fixes a crash when listing bluray mountpoints on macOS Avoid unnecessary permission warnings on macOS Fixes permanent silence on macOS after pausing playback Fixes AAC playback regression And a security issue