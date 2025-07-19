Stories
VLC: Vulnerability Not Found

posted by martyb on Thursday July 25, @05:52PM   Printer-friendly
from the pics-or-it-didn't-happen dept.
Security

takyon writes:

Alleged critical VLC flaw is nothing to worry about -- and is nothing to do with VLC

There has been a degree of confusion over the last few days after news spread of a supposed vulnerability in the media player VLC. Despite being labelled by security experts as "critical", VLC's developers, VideoLAN, denied there was a problem at all.

And they were right. While there is a vulnerability, it was in a third-party library, not VLC itself. On top of this, it is nowhere near as severe as first suggested. Oh -- and it was fixed over a year ago. An older version of Ubuntu Linux was to blame for the confusion.

The problem actually exists in a third-party library called libebml, and the issue was addressed some time ago. The upshot is that if you have updated VLC within the last year, there is no risk whatsoever. VLC's developers are understandably upset at the suggestion that their software was insecure.

Also at Tom's Hardware, Boing Boing, and The Register.

Original Submission


  • (Score: 2) by ikanreed on Thursday July 25, @06:00PM

    by ikanreed (3164) on Thursday July 25, @06:00PM (#871164)

    If you think you know what's in software you wrote from scratch yourself I'm pretty unlikely to believe you. Knowing everything that came in with apt-get install or a pip install or even exactly what's in your steam library is an absurdity.

    I'm just complaining, I have no solutions to this problem.

