Hackers can now compromise your PC with nothing more than a malformed video file.

It's true.

Critical vulnerabilities in VLC media player let attackers use specially crafted video files to execute arbitrary code on a vulnerable system.

VideoLAN has released a security update that fixes the VLC media player vulnerabilities, which allowed attackers to execute arbitrary code on your system when an untrusted streaming video was played in VLC.

VLC media player, developed by the VideoLAN project, is an open source, cross-platform media player and streaming media server.

The two vulnerabilities were uncovered and reported by Symeon Paraschoudis from Pen Test Partners and zhangyang from HackerOne.

  • A buffer overflow vulnerability (CVE-2019-5439) in ReadFrame (demux/avi/avi.c) allows a remote user to create specially crafted AVI or MKV files that trigger a heap buffer overflow when loaded on a targeted system.
  • A second, high-severity MKV double free vulnerability (CVE-2019-12874) in zlib_decompress_extra() (demux/mkv/utils.cpp) can be triggered while parsing a malformed MKV file.

VLC is one of the biggest media players, used on more than a hundred million systems running major operating systems including Windows, iOS, Mac and Android, and has been downloaded by 200 million users around the world.

If the malformed file is successfully processed on the targeted system, it leads to a crash of VLC media player, and eventually arbitrary code is executed by the attacker in the context of privileged users.

According to the VideoLAN security advisory, “The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied.”

Both vulnerabilities have been patched in the VLC player 3.0.7 update.

To prevent attackers from exploiting these vulnerabilities, all users are urged to update to VLC player 3.0.7 immediately.
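As an added example (not from VideoLAN or the original article), this Python script audits a software inventory for VLC installs older than 3.0.7, the release named above as carrying both fixes. The host names, banner strings and function names are constructed for illustration; versions are compared numerically so that 3.0.10 is not mistaken for an older build than 3.0.7.

```python
import re

# First release carrying both fixes, per the article.
FIXED = (3, 0, 7)

# Dotted version inside a banner such as "VLC media player 3.0.6 Vetinari".
_VERSION_RE = re.compile(r"\b(\d+(?:\.\d+){1,3})\b")


def parse_version(banner):
    """Return the first dotted version in banner as a tuple of ints, or None."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_patched(banner, fixed=FIXED):
    """True if version >= fixed, False if older, None if no version is readable."""
    version = parse_version(banner)
    if version is None:
        return None
    # Pad to equal length so "3.0" compares as 3.0.0 and "3.0.7.1" sorts above 3.0.7.
    width = max(len(version), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(version) >= pad(fixed)


def audit(inventory):
    """Return {host: banner} for hosts that are unpatched or could not be read."""
    return {host: banner for host, banner in inventory.items()
            if is_patched(banner) is not True}


# Constructed inventory: host name -> version banner collected from that host.
SAMPLE = {
    "ws-01": "VLC media player 3.0.6 Vetinari",
    "ws-02": "VLC media player 3.0.7 Vetinari",
    "ws-03": "VLC media player 3.0.10 Vetinari",
    "ws-04": "VLC media player 2.2.8 Weatherwax",
    "ws-05": "vlc: command not found",
}

if __name__ == "__main__":
    for host, banner in sorted(audit(SAMPLE).items()):
        print(f"{host}: needs attention ({banner})")
```

Hosts whose banner contains no readable version are reported alongside unpatched ones so they can be checked by hand.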

By admin
