libebml prior to 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries prior to 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
Vulnerable Product |
---|
videolan vlc media player |
'Fake news!' dev team cries
Updated VLC is said to be once again vulnerable to remote-code execution – meaning a booby-trapped video opened by the software could potentially crash the media player, or joyride it to run malware on the host machine. However, the developers of the open-source application, which has been downloaded literally billions of times and used by countless netizens, have disputed this claim, and say it is not possible to exploit the programming blunder. The US government's NIST this month documented ...