VideoLan released VLC 3.0.11 that fixes code execution vulnerability with VLC media player 3.0.10 and earlier versions.
The vulnerability can be tracked as CVE-2020-13428 , a remote attacker can trigger a buffer overflow in VLC’s H26X packetizer by using a specifically crafted file.
“While these issues in themselves are most likely to just crash the player, we can’t exclude that they could be combined to leak user information or remotely execute code. ASLR and DEP help reduce the likeliness of code execution, but maybe bypassed,” reads the advisory .
To exploit the vulnerability the targeted user needs to explicitly open the specially crafted file or stream.
Users are recommended to update with VLC media player 3.0.11 to addresses the issue. As workaround users are recommended not to open files from untrusted sources.
VLC is a highly portable multimedia player that supports an enormous number of multimedia formats, without downloading any additional codecs.
Following are the Fixes with 3.0.11
Complete change log can be found here .
Also Read
Vulnerability with VLC for iOS Allows Attackers to Steal Data from Storage
VideoLAN Fixed 13 VLC Media Player Vulnerabilities that allow Attackers to Execute Arbitrary Code Remotely
Critical Vulnerability in VLC Media Player 3.0.7.1 Let Hackers to Execute Arbitrary Code
thank you so much for what you do, fortunately because of your coverage i’m well ahead of the curve on getting hacked.
to the dump furniture store the dump furniture online
