Nevertheless, the developers of the open-source app, which has been downloaded a vast number of times and is used by countless netizens, dispute this claim, stating that the bug cannot be exploited.

The U.S. government's NIST documents a "critical" heap buffer overflow referred to as CVE-2019-13615, allegedly present and unpatched in the most recent official VLC version, 3.0.7.1. It is claimed that a victim can be tricked into opening a booby-trapped VLC video that triggers a bug, leading either to a harmless crash or to the execution of malicious code. The flaw is, we are told, present in the player's builds for Linux, UNIX and Windows.

According to NIST:

While the flaw was marked as both dangerous and exploitable by CERT in Germany and by NIST in its database, VLC developers pumped the brakes on panic over the vulnerability.

In a bug-tracking ticket for CVE-2019-13615, lead VideoLAN developer Jean-Baptiste Kempf said he could not reproduce the crash with a proof-of-concept .MP4 video, posted four weeks ago by a security researcher, that was supposed to crash the latest VLC release, 3.0.7.1. He could not crash the older 3.0.6 or builds such as 3.0.8 either, he reported.

"This doesn't crash a normal VLC 3.0.7.1 release," Kempf added. "Sorry, this bug is not reproducible and VLC does not crash at all."

Francois Cartegnie, a VLC developer, was even more blunt. "If you land on this ticket through a news article claiming a critical flaw in VLC, I suggest you read the above comment first and reconsider your (fake) news sources."

When The Register tried to play the proof-of-concept .MP4 on Linux in VLC version 3.0.7 Vetinari (3.0.7-0-g86cee31099), the player crashed with a segmentation fault.
There is confusion about what Kempf means by "does not crash", since it certainly crashes, and about whether "not reproducible" means the bug can or cannot be used to execute remote code. It would appear that the crashy .MP4 was generated by an automated VLC-compatible bug-hunting fuzzer. El Reg has asked the VLC developers at VideoLAN for further comment and will update the story if we hear back.

There is no patch yet, although one is said to be coming. Whether or not the flaw can be confirmed, users should take this as a jolt and accept that media plugins and players like VLC can and will have security vulnerabilities, and should be regularly updated to prevent hackers from exploiting bugs within the code.

Earlier this year, veteran Apple security researcher Patrick Wardle explained how attackers looking to overcome modern security protections in macOS can use VLC and other legacy applications as entry points. In that scenario, the software itself is not vulnerable, but instead has privileges that allow a malicious plugin to reach vulnerable system components.

A bunch of flaws in VLC were recently patched by the media player's maker in version 3.0.7.1. ®

Updated to add: The developers of VLC maintain that they are not wrong, that their software is not vulnerable, and that nothing needs to be fixed: use the latest version of the media player with its latest libraries, and you should be fine. The problem lies in libebml, and has since been resolved. Distros that use an out-of-date libebml will thus at least see a crash with the proof-of-concept .MP4 video.