Following reports that German cybersecurity agency CERT-Bund had discovered a critical flaw in VLC media player, VideoLAN president Jean-Baptiste Kempf has publicly denied that the alleged flaw is functional.
Speaking with The Daily Swig, Kempf claimed that the security issue had only been present in a third-party library, and a fix was pushed out 18 months ago.
“The issue was there two years ago, but it’s absolutely not possible to take control [of someone’s device now],” he said.
Kempf suspects that the bug reporter was running an outdated version of Ubuntu.
“The guy never contacted us,” said Kempf. “This is why you don’t report security issues on a public bug tracker. The issue was there two years ago, but it’s absolutely not possible to take control [now],” he said.
Kempf also said that his team at VLC were not able to replicate the exploit in the latest version of VLC.
CERT-Bund has since downgraded the level of the exploit to “low,” but still maintains that the issue impacts VLC’s most recent version.