VLC media player software versions prior to 3.0.7 contain two high-risk security flaws that could allow hackers to remotely take full control of your computer system. The first vulnerability is a double-free issue that resides in the “zlib_decompress_extra” function of VideoLAN VLC player and is triggered when the Matroska demuxer parses a malformed MKV file. The second high-risk flaw, identified as CVE-2019-5439, is a read-buffer overflow issue that resides in the “ReadFrame” function and can be triggered using a malicious video file.
Source: https://thehackernews.com/2019/06/vlc-media-player-hacking.html