VLC Media Player Vulnerable to Double Free and Buffer Overflow Vulnerabilities
On June 21, researchers at Pen Test Partners published a blog post about their discovery of multiple vulnerabilities in the VideoLAN VLC media player, including a “high-risk double free issue” identified as CVE-2019-12874.
VideoLAN published an advisory for two vulnerabilities: the double free flaw and a heap buffer overflow vulnerability identified as CVE-2019-5439.
According to the advisory, a remote attacker who convinces a user to open a “specially crafted file or stream” could achieve remote code execution with the privileges of the current user or cause VLC to crash.
Both vulnerabilities are addressed in VLC media player 3.0.7 or later. Users are advised to update as soon as possible.
Tenable plugins to identify these vulnerabilities will appear here as they’re released.