'Critical' vulnerability discovered in VLC on Linux and Windows -- but VideoLAN says it is not reproducible

Reports have emerged of a security bug in the Windows and Linux versions of VLC, making it vulnerable to remote-code execution via malicious videos. But although German and American security experts have branded the flaw as "critical", VLC-maker VideoLAN is downplaying things. In fact, more than downplaying the vulnerability, VideoLAN is flat-out denying that it exists, with the software developer dismissing it as "fake news". The alleged vulnerability has been assigned a 9.8 critical score on NIST and a similar warning has been issued by CERT. The flaw supposedly means that malicious MKV files could be used to compromise VLC.… [Continue Reading]