VLC is probably the most popular medial player available for Linux. Discovered by German security agency CERT-Bund, a new flaw in VLC (listed as CVE-2019-13615) that has been given a base vulnerability score of 9.8, which classifies it as “critical”.
The vulnerability allows for RCE (remote code execution) which potentially allows bad actors attackers to install, modify, or run software without authorization, and could also be used to disclose files on the host system. Translation: VLC’s security hole could allow hackers to hijack your computer and see your files.
VideoLAN is also aware of the issue and is currently working on a patch, though right now, that patch appears to only be 60 percent complete.