Two high-risk bugs in VLC media player could allow an adversary to craft a malicious.MKV video file that could be used in an attack to gain control of the victim s PC. The flaws were made public Monday by the developer of the open-source. In total, 15 VLC bugs have been made public; five were rated medium, three low and others remain unrated. The new vulnerabilities impact VLC version 3.0.7.1.1. The current updated version fixes those bugs.
Source: https://threatpost.com/high-risk-vlc-media-player-bugs/147503/