Have you heard that VideoLAN has released a new version of VLC Media Player to resolve a critical security vulnerability that could eventually allow for remote code execution?
The update, which brings VLC to version 3.0.11 on Linux, Windows, and Mac, specifically targets the vulnerability documented in CVE-2020-13428 and which only affects the desktop client.
VideoLAN explains that a potential exploit can use a specifically crafted file which when launched with VLC Media Player can trigger a buffer overflow in the H26X packetizer.
In most of the cases, the whole thing would just cause the application to crash, which albeit isn’t something very convenient, is not really that dangerous. But on the other hand, VideoLAN warns that a more complex attack could actually lead to an RCE attack and a potential leak of user information.