VLC media player update fixes denial of service crash bug


Updated on October 4, 2023


Why would someone launch a denial of service attack just to crash your VLC media player?

A malicious actor could do it for fun, no? Or maybe they found a new way to steal your information. But, whatever their intention is, a flaw in the VLC app could let them do exactly that!

That’s why the folks at VideoLAN recommend that you update to VLC 3.0.11 for Windows 10, which patches the vulnerability.

VLC media player patches crash vulnerability


Tommy Muir alerted VideoLAN to the CVE-2020-13428 flaw that affects the VLC media player.

In a typical CVE-2020-13428 exploit, an attacker remotely delivers a specially crafted script that causes a buffer overflow affecting the VLC H26X packetizer.

They could send you the malware disguised as a genuine media file. They could also deliver it in the form of a media stream.

Once you open the specially crafted file, the malware starts executing.

After that, the bad actor may be able to crash your media player in a denial of service attack. Alternatively, they could gain your user privileges and execute arbitrary scripts.

While these issues in themselves are most likely to just crash the player, we can’t exclude that they could be combined to leak user information or remotely execute code. ASLR and DEP help reduce the likelihood of code execution, but may be bypassed.

The VLC media player takes advantage of address space layout randomization (ASLR), a memory protection technique that minimizes the risk of buffer-overflow attacks. Apart from that, it also leverages data execution prevention (DEP) to guard against the effects of malware and viruses.

But VideoLAN warns that an attacker may still breach ASLR and DEP and succeed in their CVE-2020-13428 attack.

Most probably, the company received a proof of concept from Muir, rather than evidence of an ongoing exploit in the wild. So, you should be safe for now, although updating to the latest version of the VLC media player should be a priority.

Do you use the VLC media player for Windows 10, and are you experiencing any crash issues? Kindly let us know or ask any questions via the comments section below.


Don Sharpe

Tech Journalist

Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com, Forexminute.com, The Writers Network and a host of other companies.
