Le site officiel videolan.org parce qu'il traine des fake à la con.
Je cite:
That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities, besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks.
Et les explication chez VLC (Affected versions : VLC media player 3.0.6 and earlier)
Details
A remote user can create some specially crafted avi or mkv files that, when loaded by the target user, will trigger a heap buffer overflow (read) in ReadFrame (demux/avi/avi.c), or a double free in zlib_decompress_extra() (demux/mkv/utils.cpp) respectively
Impact
If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user.
Note: je vais poster plus de 3 Tranches par jour ces prochains temps, j'ai un peu trop de trucs dans ma liste "à poster"