"The sky is falling; uninstall VLC now!" This is the advice that some websites are giving, but the alleged VLC flaw is overblown and may not even pose a real risk, according to the VLC developers.
This excitement started with the release of CVE-201
Hey @MITREcorp and @CVEnew, the fact that you NEVER contact us for years for VLC vulnerabilities before publishing anything is really not cool, but at least you can check your data or check yourself before you publicly post a 9.8 CVSS vulnerability
– VideoLAN (@videolan) July 23, 2019
But it's bad, right? That's 9.8 out of 10, which, as far as security holes go, sounds like an incoming nuclear strike. This bug could allegedly lead to code execution. Attackers could gain control of your system by exploiting a flaw in VLC.
As the CVE explains, a corrupted MKV file must be played to trigger this bug. If you download and play a malicious MKV file from the Internet, it could theoretically compromise VLC – though nobody claims that this has ever happened in the real world. Also, the macOS version of VLC does not seem to be affected.
Even if this bug is that bad, you just have to watch out for MKV files – do not download any untrusted MKV files and play them in VLC until a patch is released. Stay away from MKV files if you engage in media piracy.
But not so fast! The developers of VLC say they cannot even reproduce the problem, suggesting that there are serious problems with the original exploit report.
Did you even check that?
Nobody can reproduce this problem here.
– VideoLAN (@videolan) July 23, 2019
At the end of the day, it's probably a good idea to stay away from downloaded MKV files until VLC fixes this bug. But that's all you really need to do, and even that's kind of paranoid.
As the developers of VLC explain in the VideoLAN Bug Tracker:
"Sorry, but this bug is not reproducible and does not crash VLC at all." – Jean-Baptiste Kempf
"If you end up on this ticket through a news article claiming a critical bug in VLC, I recommend that you first read the comment above and rethink your (fake) news sources." – Francois Cartegnie
"This will not crash a normal version of VLC 126.96.36.199" – Jean-Baptiste Kempf