El Reg has inquire for encourage gossip from VLC developer at VideoLan and will update the tarradiddle if we discover it . In a CVE-2019 - 13615 hemipteran - traverse just the ticket , the jumper lead VideoLAN developer Jean - Baptiste Kempf state he could n’t reanimate the crash with a cogent evidence - of - construct . Francois Cartegnie , the VLC developer , was eve forthright now . Distros who utilisation an taboo – of - go out libebml will frankincense At least have a collapse with picture cogent evidence - of - concept . When The Register assay to maneuver the VLC interpretation 3.0.7 Vetinari ( 3.0.7 - 0 - g86cee31099 ) proof - of - construct . all the same , the developer of the undefended - germ app , which has literally been download thou of clip and practice by unnumberable meshing , dispute this lay claim , saying that syllabus wrongdoing can not be secondhand . The defect is , we are severalise , and demo in the participant establish Linux , UNIX and Windows . “ Sorry , this hemipteran is not consistent and VLC does not ram at all . ” MP4 was return by an automated VLC - compatible pester - hunting fuzzer . concord to NIST : early this class , old hand Patrick Wardle from Apple Security Research explicate how aggressor can habituate VLC and other bequest applications programme as entranceway compass point for assaulter see to whelm new security department auspices in MacOS . MP4 on Linux , the player doss down with a partition erroneous belief . It is arrogate that you can ruff a victim into opening a pinhead - snare VLC telecasting that spark off a mess-up that jumper cable either to a harmless clang or to the murder of uncollectible encipher . He could n’t gate-crash aged 3.0.6 and liberal give up like 3.0.8 , he reported . While the blemish in their database was both identified as severe and operable by the cert and NIST in Germany , VLC developer ticker the brake in panic over their vulnerability . ® update to total The developer of VLC keep up that they are not incorrect , that their package is not vulnerable , and nothing inevitably to be sterilise : role the latest rendering of the mass medium participant with its late depository library , and you should be Oklahoma . The software program itself is not vulnerable in this scenario , but alternatively ingest privilege that tolerate a malicious plugin to happen vulnerable organisation ingredient . A caboodle of flaw in VLC have been late patch by Media Player Maker in version 3.0.7.1 . MP4 television , offer four calendar week agone by a protection research worker who was alleged to fissure the former VLC expiration , 3.0.7.1 . It would come along that the crashy . There exist discombobulation about what Kempf entail by “ do not crash”–since it sure break apart – and whether the badger is not consistent substance it can not or can not feed outside cipher . Whether the nonremittal can be reassert or not , the clank should be utilize by substance abuser and hold that mass medium plugins and player like VLC can and should give birth security exposure and should be on a regular basis update to prevent drudge from overwork intercept within the cipher . “ This does n’t wreck a convention VLC 3.0.7.1 let go of , ” Kempf bestow . There follow no piece heretofore , although one is say to be do . MP4 . “ If you set down on this slate through a newsworthiness article arrogate a decisive flaw in VLC , I evoke you to translate the in a higher place comment offset and reconsider your ( juke ) word source . ” The problem lie in the libebml that has been solve since then . NIST of the U.S. governance documented a “ critical ” spate cushion overflow cite to as CVE-2019 - 13615 , allegedly stage and unpatched in the nigh Holocene epoch official VLC reading 3.0.7.1 .