
VLC media player: 2 critical vulnerabilities identified. Update immediately!

VLC media player versions 3.0.6 and earlier have two high-risk security flaws that allow hackers to run arbitrary code when a specially crafted video file is loaded on the vulnerable system.

For those who do not know, the VLC media player is one of the best and most popular media players with over 3 billion downloads.

It is a free and open source platform that can be used on Windows, macOS and Linux, as well as on the mobile platforms Android and iOS. Whatever the format, VLC Media Player can play virtually any kind of audio and video you want.


The first vulnerability is tracked as CVE-2019-12874 and is located in zlib_decompress_extra() (demux/mkv/utils.cpp) of the VideoLAN VLC Player. It can be triggered when the Matroska demuxer encounters a malformed MKV file.

A second high-risk flaw, tracked as CVE-2019-5439, was also identified and is, in essence, a buffer overflow vulnerability found in ReadFrame (demux/avi/avi.c).

It allows a remote user to create specially crafted AVI or MKV files which, when loaded by the target user, will trigger a buffer overflow.

Successful exploitation through such a file could cause either a VLC crash or arbitrary code execution with the privileges of the target user.

A potential intruder can exploit these vulnerabilities by tricking the user into opening a specially crafted malicious MKV or AVI video file.

VLC users are strongly recommended to upgrade the media player to VLC 3.0.7 or a newer version to prevent hackers from exploiting these vulnerabilities on their systems.
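A check for the upgrade advice above, as an added example that is not part of the original article: it parses version banners of the kind printed by `vlc --version` and flags installs older than 3.0.7, comparing numerically so that 3.0.11 is not mistaken for an older release than 3.0.7. The host names, banner strings and function names are constructed for illustration, and the banner format is an assumption.

```python
import re

# First fixed release named in the article; 3.0.6 and earlier are affected.
FIXED = (3, 0, 7)

# Version token in a `vlc --version` style banner (banner format is assumed).
_VERSION_RE = re.compile(r"VLC (?:media player|version)\s+(\d+(?:\.\d+)*)")


def parse_vlc_version(banner):
    """Return the version as a tuple of ints, or None if none is found."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version):
    """True if the version is older than 3.0.7 (numeric, not string, compare)."""
    return version < FIXED


def audit(inventory):
    """Map each host to 'vulnerable', 'patched' or 'unknown'."""
    report = {}
    for host, banner in inventory.items():
        version = parse_vlc_version(banner)
        if version is None:
            # No parsable banner: VLC missing or output unexpected.
            report[host] = "unknown"
        elif is_vulnerable(version):
            report[host] = "vulnerable"
        else:
            report[host] = "patched"
    return report


# Constructed sample inventory: host -> captured banner line.
SAMPLE = {
    "ws-01": "VLC media player 3.0.6 Vetinari",
    "ws-02": "VLC media player 3.0.7 Vetinari",
    "ws-03": "VLC media player 3.0.11 Vetinari",
    "ws-04": "VLC media player 2.2.8 Umbrella",
    "ws-05": "sh: vlc: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as unknown need a manual look, since a missing banner does not prove VLC is absent from the machine.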

The author allows you to copy this text only if you cite the source (SecNews.gr) with a live URL to the article.