
Topic: Heads-up: Is VLC Vulnerable with the latest bug report?

Hello guys,

Just wanted to update you on the latest bug that supposedly affected VLC, and thus its billions of customers, including myself. It is reported as CVE-2019-13615 and was reported as a "Remote Code Execution vulnerability". It was first reported here, https://www.cert-bund.de/advisoryshort/CB-K19-0634, and found its way to the National Vulnerability Database - https://nvd.nist.gov/vuln/detail/CVE-2019-13615.

However, upon a closer look by the VLC team,

[1] VLC cannot replicate the bug.
[2] The bug reporter uses an old Ubuntu version and, of course, outdated libraries.
[3] The bug reporter didn't contact VLC but instead went to the public.

So it means that there is some flaw in the bug reporting process, and VLC already fixed it one year ago.

So I guess this is just a human error; however, VLC is just asking those who have reported it to contact their team first and not to panic the public.

As a software tester myself, this is a nightmare, especially if I can't replicate or reproduce the bug. So we interact with the customers and ask for more details, etc.

You can follow their official Twitter here: https://twitter.com/videolan/status/1153965977182203904