VLC media player update fixes denial of service crash bug

by Don Sharpe
Don Sharpe
Don Sharpe
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been... read more
Affiliate Disclosure
  • VLC media player version 3.0.11 for Windows 10 is now available. 
  • The update brings a patch for a crashing issue that affects the app due to its CVE-2020-13428 flaw. 
  • Do you yearn for an error-free experience with Windows 10 applications? Check out our dedicated Bugs page to learn more!
  • Don't forget to visit the Windows 10 to read the latest Windows news and tips.
VLC CVE-2020-13428 fix
To fix various PC problems, we recommend DriverFix:
This software will keep your drivers up and running, thus keeping you safe from common computer errors and hardware failure. Check all your drivers now in 3 easy steps:

  1. Download DriverFix (verified download file).
  2. Click Start Scan to find all problematic drivers.
  3. Click Update Drivers to get new versions and avoid system malfunctionings.
  • DriverFix has been downloaded by 0 readers this month.

To fix various Windows 10 errors, we recommend Restoro:This software will repair common computer errors, protect you from file loss, malware damage, hardware failure and optimize your PC for maximum performance. Fix PC issues and remove virus damage now in 3 easy steps:

  1. Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
  2. Click Start Scan to find Windows 10 issues that could be causing PC problems.
  3. Click Repair All to fix issues affecting your computer's security and performance
  • Restoro has been downloaded by 0 readers this month.

Why would someone launch a denial of service attack just to crash your VLC media player?

A malicious actor could do it for fun, no? Or maybe they found a new way to steal your information. But, whatever their intention is, a flaw in the VLC app could let them do exactly that!

That’s why the folks at VideoLAN recommend that you update to VLC 3.0.11 for Windows 10, which patches the vulnerability.

VLC media player patches crash vulnerability

Tommy Muir alerted VideoLAN to the CVE-2020-13428 flaw that affects the VLC media player.

In a typical CVE-2020-13428 exploit, an attacker remotely delivers a specially crafted script that causes a buffer overflow affecting the VLC H26X packetizer.

They could send you the malware disguised as a genuine media file. They could also deliver it in the form of a media stream.

Once you open the specially crafted file, the malware starts executing.

After that, the bad actor may be able to crash your media player in a denial of service attack. Alternatively, they could gain your user privileges and execute arbitrary scripts.

While these issues in themselves are most likely to just crash the player, we can’t exclude that they could be combined to leak user information or remotely execute code. ASLR and DEP help reduce the likelihood of code execution, but may be bypassed.

The VLC media player takes advantage of address space layout randomization (ASLR), a memory protection technique that minimizes the risk of buffer-overflow attacks. Apart from that, it also leverages data execution prevention (DEP) to guard against the effects of malware and viruses.

But VideoLAN warns that an attacker may still breach ASLR and DEP and succeed in their CVE-2020-13428 attack.

Most probably, the company received a proof of concept from Muir, rather than evidence of an ongoing exploit in the wild. So, you should be safe for now, although updating to the latest version of the VLC media player should be a priority.

Do you use the VLC media player for Windows 10, and are you experiencing any crash issues? Kindly let us know or ask any questions via the comments section below.

Still having issues? Fix them with this tool:


If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

This article covers:Topics: