VLC Media Player 3.0.7 receives an important update which fixes multiple security flaws. The latest version fixes one high, 21 medium and 20 low-security issues. One of the major issues is linked to version 4.0. Since VLC 4.0 is a beta version, only VLC 3.0.7 is to be taken into consideration. Please follow the steps mentioned below to upgrade to the latest version of VLC.
The two major issues include Out-of-bound write and stack buffer overflow. The other flaws include multiple buffer overflow errors, use after free errors, integer underflow and overflow errors, NULL pointer de-references, floating point exception errors, infinite loop error, etc.
VLC Media player versions prior to and including 3.0.6 are affected.
The Vendor has released a new version of VLC media player by fixing multiple vulnerabilities. For more info please refer our blog
We can use SanerNow platform to patch above-mentioned vulnerabilities quickly across the organization as shown in the below diagrams.
SanerNow: Vulnerability detection and patching of VLC media player:
1. Login to SanerNow platform.
2. Switch to the account/site specific view and Go to 'VM tool'
3. VLC CVE-2019-5439 vulnerability will be listed in 'Top Vulnerabilities' or 'Recently Discovered Vulnerabilities' as shown in the below diagram
4. Search for this vulnerability in VM tool. If you are affected, apply the patch through PM -> Missing Patches
5. Select 'Groups/Devices' in the 'Asset Source' section and click 'Apply'.
6. Select the 'VLC Media Player' product from the 'Asset' section as shown in the below diagram.
7. Select 'Apply Selected Patches' at the rightmost corner. This will prompt for 'Creating Patching Task'. Fill in 'Task Name' and 'Remediation Schedule' as per your preference and click on 'Apply Selected Patches' as shown below,
8. Remediation job will be created, which will fix the vulnerabilities by upgrading VLC media player to the latest version.
9. Once remediation is done, the Saner agent automatically scans again and upload the result to SanerNow as shown below,