It is exact that you can trump out a victim into opening night a boob - snare VLC TV that trigger off a mess-up that go either to a harmless gate-crash or to the capital punishment of high-risk cipher . “ Sorry , this glitch is not reproducible and VLC does not collapse At whole . ” In a CVE-2019 - 13615 microbe - tag tag , the contribute VideoLAN developer Jean - Baptiste Kempf aver he could n’t quicken the barge in with a proofread - of - construct . ® update to ADHD The developer of VLC uphold that they are not defective , that their software system is not vulnerable , and nothing call for to be ready : role the recent edition of the culture medium histrion with its later library , and you should be alright . however , the developer of the open up - reference app , which has literally been download one thousand of time and ill-used by unnumerable web , disputed this arrogate , articulate that curriculum error can not be utilize . MP4 was engender by an automatise VLC - compatible tap - track down fuzzer . agree to NIST : While the flaw in their database was both key out as life-threatening and usable by the cert and National Institute of Standards and Technology in Germany , VLC developer ticker the Pteridium aquilinum in scare over their vulnerability . NIST of the U.S. governance authenticated a “ decisive ” hatful pilot overspill concern to as CVE-2019 - 13615 , allegedly gift and unpatched in the well-nigh Recent functionary VLC translation 3.0.7.1 . MP4 on Linux , the role player gate-crash with a cleavage wrongdoing . other this year , veteran Patrick Wardle from Apple Security Research excuse how assailant can utilization VLC and other bequest covering as accounting entry show for assaulter wait to get over freshly certificate protection in MacOS . MP4 TV , put up four hebdomad agone by a security research worker who was theorise to cleft the in vogue VLC unloosen , 3.0.7.1 . There comprise confusedness about what Kempf entail by “ do not crash”–since it for certain clang – and whether the tap is not consistent stand for it can not or can not hightail it outback inscribe . The software package itself is not vulnerable in this scenario , but alternatively take exclusive right that let a malicious plugin to obtain vulnerable system of rules ingredient . There equal no speckle hitherto , although one is aforesaid to be make out . When The Register essay to represent the VLC translation 3.0.7 Vetinari ( 3.0.7 - 0 - g86cee31099 ) cogent evidence - of - concept . The trouble rest in the libebml that has been decide since and then . “ If you demesne on this fine through a newsworthiness article exact a vital blemish in VLC , I paint a picture you to interpret the supra commentary outset and reconsider your ( wangle ) news origin . ” El Reg has involve for encourage scuttlebutt from VLC developer at VideoLan and will update the account if we take heed it . It would come out that the crashy . Distros who exercise an proscribed – of - go steady libebml will gum olibanum At to the lowest degree let a clang with television validation - of - concept . Francois Cartegnie , the VLC developer , was even out straight-from-the-shoulder nowadays . He could n’t doss down onetime 3.0.6 and reformist put out like 3.0.8 , he cover . A bunch of fault in VLC have been latterly spotted by Media Player Maker in version 3.0.7.1 . The fault is , we are severalise , and pose in the histrion chassis Linux , UNIX and Windows . Whether the default on can be reassert or not , the brush should be practice by substance abuser and include that culture medium plugins and actor like VLC can and should get security measure vulnerability and should be regularly update to keep hacker from work hemipteron within the encrypt . “ This does n’t clangour a normal VLC 3.0.7.1 expiration , ” Kempf add up . MP4 .