VLC media player received patches for zero-day in open-source library
VLC media player is a popular open-source media player used by millions of people worldwide. It has recently been disclosed, however, that VLC ships with two security vulnerabilities that attackers could exploit to take control of users' computers.
The first vulnerability, tracked as CVE-2022-37434, is a heap-based buffer over-read or buffer overflow in zlib's inflate.c. A remote attacker could exploit it to execute arbitrary code on the victim's system.
For those unacquainted, zlib is the silent workhorse inside a great many systems. Written by Jean-loup Gailly and Mark Adler, this software library handles data compression; its core, the DEFLATE compression algorithm, is also the backbone of the pair's gzip file compression program. zlib is ubiquitous: it can be found on Linux, macOS and iOS, and even in gaming consoles such as the PlayStation and Xbox. A flaw in it therefore had the potential to reverberate across multiple platforms.
The second vulnerability, tracked as CVE-2023-5217, is a heap buffer overflow in the VP8 encoding path of the libvpx video codec library. An attacker could exploit it to crash VLC media player or to execute arbitrary code on the victim's system. Google TAG's Maddie Stone disclosed that malicious actors did not merely stumble upon CVE-2023-5217: they actively exploited it to deploy spyware on targeted systems.
Both vulnerabilities are considered serious, and users are advised to update to VLC media player 3.0.19 as soon as possible.
How to protect yourself from these vulnerabilities
To protect yourself from these vulnerabilities, you should follow these steps:
- Update to VLC media player 3.0.19 as soon as possible.
- Be careful about which files you open with VLC media player; do not open media files from untrusted sources.
- Use a firewall and antivirus software to protect your computer from other threats.
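A quick local check for the first step above, added here as example code that is not part of the article or of the VLC project: it parses the banner that `vlc --version` prints and flags any install older than the patched 3.0.19 release. The banner format and the sample lines below are constructed assumptions, not output copied from the article.

```python
import re
import shutil
import subprocess

# Fixed release named in the article; anything older is treated as unpatched.
PATCHED_VERSION = "3.0.19"

# Constructed sample banners (assumed format: "VLC version X.Y.Z Codename (...)").
SAMPLE_OLD = "VLC version 3.0.18 Vetinari (3.0.18-0-g1234567)"
SAMPLE_NEW = "VLC version 3.0.19 Vetinari (3.0.19-0-gabcdef0)"


def parse_version(text):
    """Return the first dotted x.y.z version in text as a tuple of ints, or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None


def needs_update(version_text, patched=PATCHED_VERSION):
    """True when the reported VLC version is older than the patched release."""
    found = parse_version(version_text)
    if found is None:
        raise ValueError("no version number found in: %r" % version_text)
    # Tuple comparison handles 3.0.9 < 3.0.19 correctly (string compare would not).
    return found < parse_version(patched)


def installed_vlc_banner(binary="vlc"):
    """Ask the local VLC binary for its version banner; None if VLC is not on PATH."""
    path = shutil.which(binary)
    if path is None:
        return None
    proc = subprocess.run([path, "--version"], capture_output=True, text=True, timeout=30)
    lines = (proc.stdout + proc.stderr).splitlines()
    return lines[0] if lines else None


if __name__ == "__main__":
    banner = installed_vlc_banner()
    if banner is None:
        print("VLC not found on PATH")
    elif needs_update(banner):
        print("UNPATCHED: %s (update to %s)" % (banner, PATCHED_VERSION))
    else:
        print("OK: %s" % banner)
```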