VLC Media Player 3.0.11: Fixes serious remote code execution error

From en.secnews.gr


Η VideoLan VLC Media Player 3.0.11 has been released and is now available for Windows, Mac and Linux. In addition to error corrections and improvements, this version also fixes a security bug that could allow hackers to perform remote commands or crash the VLC on a vulnerable computer. This error is identified as CVE-2020-13428 and is an overflow of temporary memory in the VLC’s H26X packetizer, so it could allow hackers execute commands below the same level of security with the user, if used properly.

Read more…