Threatpost reports that VLC Media Player has an unpatched RCE flaw, but the VLC team says that this bug isn't reproducible.

Threatpost posted an article earlier today, citing a filing by CERT for an RCE flaw in VLC, stating that "A remote, anonymous attacker can exploit a vulnerability in VLC to execute arbitrary code, create a denial of service state, disclose information, or manipulate files."

However, the developer comments for the patch work being done for this vulnerability state that the issue is not reproducible, suggesting that there is in reality no vulnerability at all.

Tenable is monitoring the situation and we'll update this post as new information arises. We do not currently have any plugin or cyber exposure alert blog plans without further evidence from either the researchers that supposedly found the vulnerability or the developers at vlc.