VLC says the RCE vulnerability report is incorrect and does not affect user security

Earlier, we reported that a security agency had warned of a high-risk vulnerability in the well-known open source VLC media player, affecting hundreds of millions of users worldwide. The organization that issued the warning is the German Federal Computer Emergency Response Center. Many news outlets repeated the warning after the press release. According to the warning, a high-risk vulnerability in VLC could lead to remote code execution, information leaks and service interruptions. It recommended that users temporarily disable the VLC player.

About the "security issue" on #VLC : VLC is not vulnerable.
tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago.
VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim.

Thread:

— VideoLAN (@videolan) July 24, 2019

Because the vulnerability was described as extremely dangerous and VLC had not yet released a new version to fix it, many users of the player also expressed concerns about security. However, VLC officially stated on Twitter that the vulnerability exists but is actually a problem in a third-party library. The library is mainly used to parse .EBML files. The vulnerability in the library has already been fixed, so it does not cause serious harm and will not affect users' security.

The VLC team even accused the German Federal Computer Emergency Response Center of not contacting the team before issuing the alert and of not verifying the actual information.

Origin www.linuxidc.com/Linux/2019-07/159559.htm