In VLC media player vulnerability (), which could potentially lead to the execution of malicious code when playing specially crafted MKV video (). The problem is caused by accessing a memory area outside the allocated buffer in the decompressing code of the MKV media container and manifests itself in the current release 3.0.7.1.
Fix for now , as well as package updates (, , , , , ). Vulnerabilities critical hazard level (9.8 out of 10 CVSS). At the same time, the developers of VLC that the problem is limited to a memory leak and cannot be used to orchestrate code execution or cause a crash.
Source: opennet.ru