Alleged critical VLC flaw is nothing to worry about -- and is nothing to do with VLC
1 min read
Jul 25, 2019
There has been a lot of confusion over the last few days after news spread of a supposedvulnerability in the media player VLC. Despite being labelled as "critical", VLC's developers, VideoLAN, denied there was a problem at all.
And they were right. While there is a vulnerability, it was in a third-party library, not VLC itself. On top of this, it is nowhere near as severe as first suggested. Oh -- and it was fixed over a year ago. An older version of Ubuntu Linux was to blame for the confusion.
The problem actually exists in a third-party library called libebml, and the issue was addressed some time ago. The upshot is that if you have updated VLC within the last year, there is no risk whatsoever. VLC's developers are understandably upset at the suggestion that their software was insecure.
The link for this article located at BetaNews is no longer available.
Related Articles
1 - 0 min read
Hacked VMs Reveal New Attack Risks
1 - 0 min read
Growth in Open Source Use Among Businesses Analyzed
1 - 0 min read
SPDX 3.0 Revolutionizes Software Management & Security
