Samsung T7 Shield Portable 1TB USB SSD review
DeepCool LS720 (LCS) review
Fractal Design Pop Air RGB Black TG review
Palit GeForce GTX 1630 4GB Dual review
FSP Dagger Pro (850W PSU) review
Razer Leviathan V2 gaming soundbar review
Guru3D NVMe Thermal Test - the heatsink vs. performance
EnGenius ECW220S 2x2 Cloud Access Point review
Alphacool Eisbaer Aurora HPE 360 LCS cooler review
Noctua NH-D12L CPU Cooler Review
Critical Vulnerabilities in VLC Media Player Spotted and Patched
VideoLAN has addressed a critical double-free vulnerability in the VLC media player that could allow an attacker to execute arbitrary code on target systems. This security loophole can be used to plant malware in the computer where the media player is being used.
The security flaws on versions 3.0.6 and earlier of the software can enable hackers to load types of video files that can execute arbitrary code. Tracked as CVE-2019-12874, the security flaw features a CVSS v3 score of 9.8. The bug resides in the zlib_decompress_extra function of the VLC media player and could be triggered during the parsing of a malformed MKV file type within the Matroska demuxer.
Discovered by Symeon Paraschoudis from Pen Test Partners, the issue allows a remote attacker to create a specially crafted file to trigger a double free in zlib_decompress_extra() (demux/mkv/utils.cpp). The vulnerability has been addressed with the release of VLC 3.0.7, which also fixes a high-severity heap buffer overflow, along with various other vulnerabilities. Tracked as CVE-2019-5439 and residing in the ReadFrame (demux/avi/avi.c) function, the buffer overflow could be exploited through a specially crafted .avi file. The bug was reported through HackerOne, as part of a bug bounty program run by the European Union. The issue is that the ReadFrame function uses a variable obtained directly from the file. Because no strict check is performed before the memory operation (memmove, memcpy), a buffer overflow could be triggered.
“If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the privileges of the target user,” VideoLAN explains in an advisory detailing both security bugs.
To successfully exploit the vulnerabilities, an attacker would have to trick the user into explicitly opening a specially crafted file or stream. While ASLR and DEP help reduce exposure, they may be bypassed, the advisory reads.
“The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied,” VideoLAN recommends.
More than HP printer models vulnerable to two very critical vulnerabilities - 08/07/2018 08:31 AM
Over a hundred HP inkjet printers are vulnerable to remote code execution vulnerabilities that are classified by HP as critical. By exploiting the vulnerabilities, an attacker could remotely execut...
Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical - 05/03/2018 10:55 AM
News has just started spreading that researchers have sighted another eight Spectre like vulnerabilities in Intel processors, all resemble Spectre, four of them are critical. The new vulnerabilities ...
Adobe Warns About Critical Flash Zero-Day Bug - 04/13/2011 10:30 AM
A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Pla...
Hacker finds critical exploit in Apple Keyboard - 08/03/2009 09:02 AM
A dangerous exploit for the Apple Keyboard was presented at DEFCON 2009, a security researcher nicknamed K. Chen demonstrated he had found a way to infect the firmware of the Apple Keyboard. The attac...
Critical JavaScript Vulnerability in Firefox 3.5 - 07/16/2009 06:47 AM
Mozilla has posted a security warning for Firefox 3.5. The company says that the bug was discovered in the JIT JavaScript compiler and disclosed publicly yesterday. The vulnerability can be mitigated...
azraei97
Junior Member
Posts: 6
Joined: 2018-10-31
Junior Member
Posts: 6
Joined: 2018-10-31
#5685489 Posted on: 06/29/2019 01:19 PM
Well, I'm not really care. VLC simply not good enough to play what I want properly long ago. Not sure now. I try to use VLC for android recently, it has same problem with some media same like the desktop version but I like a bit for android version because compare to other android m player, VLC no ads with it Free To Use. Now I use SMPlayer (MPV), K-Lite (MPC) for my PC meanwhile my phone/android base hardware use MX Player (MPV).
Well, I'm not really care. VLC simply not good enough to play what I want properly long ago. Not sure now. I try to use VLC for android recently, it has same problem with some media same like the desktop version but I like a bit for android version because compare to other android m player, VLC no ads with it Free To Use. Now I use SMPlayer (MPV), K-Lite (MPC) for my PC meanwhile my phone/android base hardware use MX Player (MPV).
rl66
Senior Member
Posts: 3397
Joined: 2007-05-31
Senior Member
Posts: 3397
Joined: 2007-05-31
#5686927 Posted on: 07/03/2019 11:43 PM
MX Player is the best on Android device and read nearly everything ...
On PC VLC still rock because with some few search on the net it can play BR and BR iso and also record streaming (but shhh it's both not allowed) but it is still crappy with real DVD reading.
Well, I'm not really care. VLC simply not good enough to play what I want properly long ago. Not sure now. I try to use VLC for android recently, it has same problem with some media same like the desktop version but I like a bit for android version because compare to other android m player, VLC no ads with it Free To Use. Now I use SMPlayer (MPV), K-Lite (MPC) for my PC meanwhile my phone/android base hardware use MX Player (MPV).
MX Player is the best on Android device and read nearly everything ...
On PC VLC still rock because with some few search on the net it can play BR and BR iso and also record streaming (but shhh it's both not allowed) but it is still crappy with real DVD reading.
The Goose
Senior Member
Posts: 2942
Joined: 2008-02-25
Senior Member
Posts: 2942
Joined: 2008-02-25
#5686939 Posted on: 07/04/2019 12:09 AM
Not used Vlc since i switched to MPC-HC x64 several years ago.....it has an auto shut down function which is handy for me as i have Tinnitus and have a film running in the background when im trying to get to sleep, i find windows sleep function does not always work unlike mpc which will shutdown my pc when the film is finished....8 times out of 10 ive fallen to sleep within the first 10 minutes, some times it takes 2 films.
Not used Vlc since i switched to MPC-HC x64 several years ago.....it has an auto shut down function which is handy for me as i have Tinnitus and have a film running in the background when im trying to get to sleep, i find windows sleep function does not always work unlike mpc which will shutdown my pc when the film is finished....8 times out of 10 ive fallen to sleep within the first 10 minutes, some times it takes 2 films.
sverek
Senior Member
Posts: 6073
Joined: 2011-01-02
Senior Member
Posts: 6073
Joined: 2011-01-02
#5686967 Posted on: 07/04/2019 03:48 AM
MX Player is the best on Android device and read nearly everything ...
On PC VLC still rock because with some few search on the net it can play BR and BR iso and also record streaming (but shhh it's both not allowed) but it is still crappy with real DVD reading.
Shame that free MX Player is plague with ads. Basically a profit making tool.
MX Player is the best on Android device and read nearly everything ...
On PC VLC still rock because with some few search on the net it can play BR and BR iso and also record streaming (but shhh it's both not allowed) but it is still crappy with real DVD reading.
Shame that free MX Player is plague with ads. Basically a profit making tool.
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 290
Joined: 2010-07-20
Many thanks Hilbert for posting this article. As a result I definitely updated my VLC player!