About the "security issue" on #VLC : VLC is not vulnerable.
tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago.
VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim.
Thread:
-
-
Now to be fair, it's not *immediately* obvious that the flaw lies within libEBML, if you're just looking at the crash details itself. I probably wouldn't have known, had
@videolan not mentioned it. Removing the http://libebml.so .4.0.0 file does make the PoC fail to crash.pic.twitter.com/1m7Rf3HKgH
-
Yeah the C++ stacktraces with libebml and libmatroska are very hard to read within the VLC modules.
End of conversation
New conversation -
-
-
Sounds accurate. Sigh.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.