The update, which brings VLC to version 3.0.11 on Linux, Windows, and Mac, specifically targets the vulnerability documented in CVE-2020-13428, which only affects the desktop client.
VideoLAN explains that a potential exploit can use a specially crafted file which, when launched with VLC Media Player, can trigger a buffer overflow in the H26X packetizer.
In most cases, this would just cause the application to crash, which, although inconvenient, is not really that dangerous. On the other hand, VideoLAN warns that a more complex attack could lead to remote code execution (RCE) and a potential leak of user information.
Don’t open files or streams from untrusted sources
The good news is that no RCE attacks have been recorded so far, so it’…