The popular open-source multimedia software VLC media player was found to have a critical security flaw that allowed attackers to execute arbitrary code. The vulnerability, tracked as CVE-2019-13615, was a buffer over-read flaw that led to code execution in the software.
The flaw was found in version 18.104.22.168 of VLC, and it is believed to affect all previous versions. As of now, the flaw remains in the current version (22.214.171.124) of the VLC media player.
In June, the VLC media player was found to contain two critical vulnerabilities that led to arbitrary code execution. These flaws could be exploited if users opened malicious files sent by attackers.
However, these flaws were fixed immediately after a security researcher reported them. They were patched in version 3.0.7.