VLC latest version contains security flaw that can compromise user machine

Author at TechGenyz Insights

VLC is reportedly vulnerable to remote code execution: if the player opens a malicious video, it could crash, or the crafted video could run malware on the host machine.

The U.S. government’s National Institute of Standards and Technology (NIST) has registered a “critical” heap-based buffer overflow, tracked as CVE-2019-13615. The flaw is reportedly present in the latest official version of VLC (3.0.7.1).

According to NIST, a victim could be tricked into opening a booby-trapped video in VLC, which might trigger the coding flaw and result in either a harmless crash of the software or the execution of malicious code.

This defect was detected in the Linux, Unix, and Windows builds of the VLC media player.

VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp – NIST

Germany’s CERT has also assessed this bug as dangerous and exploitable.

However, the developers of the widely popular, open-source VLC media player have disputed this claim, stressing that the chances of exploiting the programming blunder are next to zero.

VideoLAN lead developer Jean-Baptiste Kempf, discussing CVE-2019-13615 in a bug-tracking ticket, said that he was unable to recreate the crash using a proof-of-concept .MP4 video that was supposed to crash the latest version of VLC. He also reported that he was unable to crash either the older version of the software or the builds that are currently work-in-progress.

Kempf – “This does not crash a normal release of VLC 3.0.7.1. Sorry, but this bug is not reproducible and does not crash VLC at all.”

If you land on this ticket through a news article claiming a critical flaw in VLC, I suggest you to read the above comment first and reconsider your (fake) news sources – Francois Cartegnie, VLC developer

By contrast, when the technology news and opinion website The Register played the proof-of-concept .MP4 video in VLC 3.0.7 Vetinari (3.0.7-0-g86cee31099) on Linux, the player crashed with a segmentation fault.

This seems to be at odds with Kempf’s statement that the bug in question “does not crash” the system and that “the bug is not reproducible”. It also raises the question of whether remote-code execution is possible or impossible.

An update patch for VLC is expected to be available soon, and users should keep the software regularly updated to keep their systems safe.
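The NIST entry places the flaw in the MKV demuxer while the proof-of-concept is described as an MP4 video, so a file's name is not a reliable guide to which parser will handle it. The following triage check is an added example, not code from the article or from VideoLAN; it assumes the player chooses its demuxer from file content, and the sample byte strings are constructed.

```python
"""Classify a media file by container signature rather than by file name."""
import os

EBML_MAGIC = b"\x1a\x45\xdf\xa3"  # Matroska/WebM files begin with an EBML header

# Container that an extension normally implies (deliberately small table).
EXPECTED = {".mkv": "matroska", ".mka": "matroska", ".webm": "matroska",
            ".mp4": "isobmff", ".m4v": "isobmff"}


def sniff_container(head: bytes) -> str:
    """Return the container family suggested by the first bytes of a file."""
    if head[:4] == EBML_MAGIC:
        return "matroska"
    # ISO BMFF (MP4): 4-byte box size, then box type; 'ftyp' is normally first.
    if len(head) >= 8 and head[4:8] == b"ftyp":
        return "isobmff"
    return "unknown"


def triage(name: str, head: bytes) -> dict:
    """Compare what the extension claims with what the content says."""
    ext = os.path.splitext(name)[1].lower()
    expected = EXPECTED.get(ext, "unknown")
    actual = sniff_container(head)
    return {
        "name": name,
        "expected": expected,
        "actual": actual,
        # Known extension whose content is a different (or unrecognised) format.
        "mismatch": expected != "unknown" and actual != expected,
        # Content that a Matroska parser would accept, whatever the name.
        "reaches_mkv_parser": actual == "matroska",
    }


def triage_file(path: str) -> dict:
    """Triage a file on disk using only its first 16 bytes."""
    with open(path, "rb") as fh:
        return triage(os.path.basename(path), fh.read(16))


# Constructed sample headers, not taken from any real file.
SAMPLE_MP4 = b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00"
SAMPLE_MKV = EBML_MAGIC + b"\x01\x00\x00\x00\x00\x00\x00\x1f\x42\x86\x81\x01"

if __name__ == "__main__":
    for name, head in [("clip.mp4", SAMPLE_MP4), ("clip.mp4", SAMPLE_MKV)]:
        print(triage(name, head))
```

A mail or download gateway could log `mismatch` hits for review and apply any MKV-specific handling to every file where `reaches_mkv_parser` is true, regardless of extension.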
