
CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Posted: 31 Jul 2019 21:49
by avanvooren
CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows) claims there is a vulnerability rating a 6.8 score. Does anybody know of any plans to address it with an upgrade? ETA?

Alternatively, how does one contact VLC directly to ask this question?

Thanks.

Re: CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Posted: 31 Jul 2019 22:37
by BlockSolid
If you do some research by using Google and looking at comments, it isn't as severe as it was claimed to be at the start and has been fixed a long time ago.

https://twitter.com/videolan
https://threader.app/thread/1153963312981389312

Re: CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Posted: 31 Jul 2019 22:40
by Rémi Denis-Courmont
If you have a question about ratings, ask the ones making the ratings.

As far as I am concerned, this is a very minor vulnerability - it will just crash the player if you open a corrupt file.

Re: CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Posted: 01 Aug 2019 11:52
by Lotesdelere
https://forum.videolan.org/viewtopic.php?f=14&t=150209

Re: CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Posted: 01 Aug 2019 14:09
by avanvooren
Although I sincerely do appreciate the links to the information, whether it is justified or not wasn't the question. It was scored as it was, and the best recourse, imho, is to address it through the channels that created the issue.

From one of the linked articles I gather it seems they have, but without success. I would suggest, for the benefit of any VLC staff reading this post that can help, they redouble their efforts on getting the issue solved somehow at the source of it, whether by getting the score to more accurately reflect the potential or convincing them it is fixed, so it does not show up at all or can be found to be remedied with an update. In my environment, the auditors tend to side with the issues and expect actual efforts to remedy it, not debates as to whether it is a righteous issue to begin with.

But again, thanks to all for kindly providing the information. At present, noting it seems to be as much as can be done.

Re: CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Posted: 01 Aug 2019 17:35
by Rémi Denis-Courmont
https://forum.videolan.org/viewtopic.php?f=14&t=150209
OP is asking about CVE-2019-13602. That thread is about CVE-2019-13615. Please don't confuse people with incorrect references.

Re: CVE-2019-13602 VLC Media Player Integer Underflow Vulnerability July19 (Windows)

Posted: 01 Aug 2019 22:22
by avanvooren
I didn't see a concrete reference to any CVE in either of the articles I read.