A recent security alert caused a panic where people thought the VLC Media Player was affected by a critical vulnerability that had no available patch. The problem is that the vulnerability was not in VLC, but rather a module that was replaced over 16 months ago. It turns out that the reporting user was using an older version of Ubuntu that includes a vulnerable version of the libeml module. BleepingComputer has tested various versions of VLC against the PoC file provided in the bug report and none of them produces a crash or unwanted behavior.
Source: https://www.bleepingcomputer.com/news/security/keep-calm-carry-on-vlc-not-affected-by-critical-vulnerability/

