Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
VLC Media Player and MPlayer contain critical vulnerability bugs
#1
https://www.techradar.com/news/vlc-media...ility-bugs       VLC Media Player and MPlayer contain critical vulnerability bugs
By Matt Hanson 8 hours ago Software  

Make sure to update ASAP
VLC Media Player on a laptop
If you use the popular media players VLC or MPlayer, then you’ll want to make sure you have the most recent updates installed as soon as possible, as security researchers have identified a critical vulnerability that puts your PC at risk.

Cisco Talos Intelligence Group, the security research company, has found that there is a critical remote code execution vulnerability in the LIVE555 media streaming library, which is used by VLC, MPlayer and other popular media players.

According to the findings, this vulnerability is found in a flaw in the HTTP packet parsing functionality, which analyzes HTTP headers for RTSP tunneling over HTTP.

Lilith Wyatt, a researcher at the Cisco Talos Intelligence Group, explained in a blog post that “an exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.”

Get updating
If you have media playing software that uses the LIVE555 media streaming library, such as VLC, then you’ll want to make sure you update to the latest version, as an update has been released that addresses the issue.

The speed in which a fix has been found and released shows how worrying this vulnerability is, and how it put PCs in risk of a cyber attack from malicious users.

Although VLC is a very popular free media player, and often used as an alternative to Windows Media Player and other media playing tools included in Windows over the years, it’s also had its fair share of security problems.

As HackRead explains, critical security flaws have been found in the past, such as in version 2.0.5, while last year Kodi, VLC and Popcorn time were found to be vulnerable to hackers who could hijack computers via subtitle files.

Hopefully, this latest vulnerability is a wakeup call to VLC and other media players to make sure their products are completely secure, otherwise users may start looking elsewhere.

Want to ditch VLC? Here's the best VLC download alternatives
Related product: VLC Media Player
Our Verdict:
?????
VLC offers everything you could need from a media player - comprehensive format support, streaming, downloading and much more besides.

 FOR
Highly customizable
Excellent file format support
Expandable via plugins
 AGAINST
Editing metadata isn't as straightforward as in some other players
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  F5 urges customers to patch 4 critical BIG-IP pre-auth RCE bugs Bjyda 0 1,073 03-11-2021 , 10:48 PM
Last Post: Bjyda
  TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM Inf Bjyda 0 2,348 02-13-2021 , 10:07 PM
Last Post: Bjyda
  SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product mrtrout 0 1,031 01-23-2021 , 10:06 PM
Last Post: mrtrout
  Critical bugs in Dell Wyse ThinOS allow thin client take over mrtrout 0 1,168 12-21-2020 , 10:07 PM
Last Post: mrtrout
  Critical Bugs in WordPress Plugins Let Hackers Take Over Sites tarekma7 0 1,409 02-29-2020 , 07:22 PM
Last Post: tarekma7



Users browsing this thread: 3 Guest(s)