Tuesday, July 23, 2019

Critical VLC Flaw Found

Well this isn't good. The folks at VideoLAN Project are working in a fix, so there's that.

VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp.