However, the developers of the open-source app, which has been downloaded a vast number of times and is used by countless netizens, dispute this claim, saying that the programming flaw cannot be exploited.

The U.S. government's NIST documented a "critical" heap buffer overflow, referred to as CVE-2019-13615, allegedly present and unpatched in the most recent official VLC version, 3.0.7.1. It is claimed that a victim can be tricked into opening a booby-trapped video in VLC that triggers a bug leading either to a harmless crash or to the execution of malicious code. The flaw is, we are told, present in the player's builds for Linux, UNIX and Windows.

According to NIST:

While the flaw was classified in their databases as both critical and exploitable by NIST and the CERT in Germany, VLC's developers hit the brakes on the panic over the vulnerability. In a bug-tracker ticket for CVE-2019-13615, lead VideoLAN developer Jean-Baptiste Kempf said he could not reproduce the crash with a proof-of-concept .MP4 video, supplied four weeks ago by a security researcher, that was supposed to crash the latest VLC version, 3.0.7.1. He could not crash the earlier 3.0.6, or releases such as 3.0.8, either, he reported.

"This doesn't crash a normal VLC 3.0.7.1 release," Kempf added. "Sorry, this bug is not reproducible and VLC does not crash at all."

VLC developer Francois Cartegnie was even blunter. "If you land on this ticket through a news article claiming a critical flaw in VLC, I suggest you read the above comment first and reconsider your (fake) news sources."

When The Register tried to play the proof-of-concept .MP4 in VLC version 3.0.7 Vetinari (3.0.7-0-g86cee31099) on Linux, the player crashed with a segmentation fault.
There is confusion about what Kempf meant by "does not crash", since it certainly crashes, and about whether "not reproducible" means the bug can or cannot be used to run remote code. It would seem that the crashy .MP4 was generated by an automated VLC-compatible bug-hunting fuzzer. El Reg has asked VLC's developers at VideoLAN for further comment and will update the story if we hear back.

There is no patch as yet, although one is said to be coming. Whether or not the flaw can be confirmed, users should take the fuss as a reminder that media plugins and players like VLC can and do have security vulnerabilities, and should be regularly updated to prevent hackers from exploiting bugs within the code.

Earlier this year, veteran Apple security researcher Patrick Wardle explained how VLC and other legacy applications can be used as entry points by attackers looking to overcome new security protections in macOS. The software itself is not vulnerable in this scenario, but instead has privileges that allow a malicious plugin to reach vulnerable system components.

A number of flaws in VLC were recently patched by the media player's makers in version 3.0.7.1.

Updated to add

The developers of VLC maintain that they are not at fault, that their software is not vulnerable, and that nothing needs to be fixed: use the latest version of the media player with its latest libraries, and you should be OK. The problem lay in libebml, and has since been resolved. Distros that use an out-of-date libebml will thus at least see a crash with the proof-of-concept .MP4 video.