It could also be used to disclose files on the host system.
CERT-Bund gave a base vulnerability score of 9.8 out of 10 in the NISTs National Vulnerability Database.
However, the issue isnt reproducible and doesnt crash a normal release of VLC 3.0.7.1, added Kempf.
Earlier this morning, VideoLAN took to Twitter to clarify that VLC is not vulnerable as reported by CERT-Bund.
Therelated entryin VideoLANs public bug tracker also lists the issue as fixed.
Reacting on the press reports that claimed VLC media player is vulnerable, Kempf said: Its insane.
People are saying, you gotta uninstall VLC.
Its the usual people who dont check their facts.
However, it is advisable to ensure that the software is always regularly updated.
Additionally, avoid playing an untrusted MKV format file on the media player.
The current version of VLC is 3.0.7.1.
source: www.techworm.net
