About the "security issue" on #VLC : VLC is not vulnerable.
tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago.
VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim.
Thread:
-
-
Yeah the C++ stacktraces with libebml and libmatroska are very hard to read within the VLC modules.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
And for the record, this appears to be the libebml commit that causes the PoC for this case to no longer crash:https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6 …
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.