Guru3D.com

Critical Vulnerabilities in VLC Media Player Spotted and Patched

by Hilbert Hagedoorn on: 06/27/2019 07:18 AM | source: securityweek | 10 comment(s)

VideoLAN has addressed a critical double-free vulnerability in the VLC media player that could allow an attacker to execute arbitrary code on target systems. The flaw can be used to plant malware on the computer where the media player is being used.

The security flaws affect versions 3.0.6 and earlier of the software, where specially crafted video files can lead to arbitrary code execution. Tracked as CVE-2019-12874, the double free has a CVSS v3 score of 9.8. The bug resides in the zlib_decompress_extra function of the VLC media player and could be triggered during the parsing of a malformed MKV file within the Matroska demuxer.
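The double-free pattern named above, shown as an added C example that is not VLC's code: an error path releases a buffer and an unconditional teardown releases it again, which is only safe if the release clears the pointer. The `extra` struct, the function names and the run-length expansion standing in for zlib are all hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-track codec data; not VLC's structures. */
struct extra { unsigned char *data; size_t size; };

/* Release the payload and clear the pointer, so a second call is a no-op. */
static void extra_release(struct extra *e) {
    free(e->data);
    e->data = NULL;
    e->size = 0;
}

/* Stand-in for a decompressor: replaces e->data with expanded (count, byte) pairs. */
static int extra_expand(struct extra *e, size_t max_out) {
    unsigned char *out = NULL; size_t len = 0;
    if (e->size % 2 != 0) goto fail;              /* count with no byte after it */
    for (size_t i = 0; i < e->size; i += 2) {
        size_t run = e->data[i];
        if (run == 0 || run > max_out - len) goto fail;
        unsigned char *grown = realloc(out, len + run);
        if (grown == NULL) goto fail;
        out = grown;
        memset(out + len, e->data[i + 1], run);
        len += run;
    }
    free(e->data);                                /* input replaced by output */
    e->data = out; e->size = len;
    return 0;
fail:
    free(out);
    extra_release(e);  /* a bare free(e->data) here would leave a dangling pointer */
    return -1;
}

/* Expand sample bytes, then run the teardown a caller performs in every case. */
static long load_and_teardown(const unsigned char *src, size_t n) {
    struct extra e = { malloc(n), n };
    if (e.data == NULL) return -1;
    memcpy(e.data, src, n);
    long result = extra_expand(&e, 64) == 0 ? (long)e.size : -1;
    extra_release(&e);                            /* second release is harmless */
    return result;
}

int main(void) {
    const unsigned char bad[] = { 3, 'A', 2 };    /* constructed malformed input */
    return load_and_teardown(bad, sizeof bad) == -1 ? 0 : 1;
}
```

Building this with AddressSanitizer and swapping the `extra_release(e)` call in the failure path for a bare `free(e->data)` makes the second free show up as a reported error.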

Discovered by Symeon Paraschoudis from Pen Test Partners, the issue allows a remote attacker to create a specially crafted file to trigger a double free in zlib_decompress_extra() (demux/mkv/utils.cpp). The vulnerability has been addressed with the release of VLC 3.0.7, which also fixes a high-severity heap buffer overflow, along with various other vulnerabilities.

Tracked as CVE-2019-5439 and residing in the ReadFrame function (demux/avi/avi.c), the buffer overflow could be exploited through a specially crafted .avi file. The bug was reported through HackerOne, as part of a bug bounty program run by the European Union. The issue is that the ReadFrame function uses a variable obtained directly from the file. Because no strict check is performed before the memory operation (memmove, memcpy), a buffer overflow could be triggered.
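The missing check described for ReadFrame, shown as an added C example that is not VLC's code: a length read from the file is validated against both the bytes actually present and the destination capacity before memcpy runs. The chunk layout, names and sample bytes are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { FRAME_OK = 0, FRAME_TRUNCATED = -1, FRAME_TOO_LARGE = -2 };

/* Constructed chunk layout for this example (not the AVI format):
 * 4-byte little-endian payload length, then the payload bytes. */
static uint32_t rd_le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy one payload into dst only after the file-supplied length has been
 * checked against the bytes actually present and against dst's capacity. */
static int read_frame_checked(const unsigned char *in, size_t in_len,
                              unsigned char *dst, size_t dst_cap, size_t *copied) {
    *copied = 0;
    if (in_len < 4) return FRAME_TRUNCATED;
    uint32_t declared = rd_le32(in);
    /* Compare by subtraction: an addition such as 4 + declared can wrap. */
    if (declared > in_len - 4) return FRAME_TRUNCATED;  /* would over-read in */
    if (declared > dst_cap) return FRAME_TOO_LARGE;     /* would overflow dst */
    memcpy(dst, in + 4, declared);
    *copied = declared;
    return FRAME_OK;
}

/* Constructed inputs: an honest chunk, one that claims more bytes than the
 * file holds, and one that is complete but larger than the destination. */
static const unsigned char chunk_ok[]  = { 3, 0, 0, 0, 'a', 'b', 'c' };
static const unsigned char chunk_lie[] = { 0xff, 0xff, 0xff, 0x7f, 'a', 'b', 'c' };
static const unsigned char chunk_big[] = { 9, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };

static int try_chunk(const unsigned char *chunk, size_t len) {
    unsigned char frame[8];
    size_t copied;
    return read_frame_checked(chunk, len, frame, sizeof frame, &copied);
}

int main(void) {
    int ok = try_chunk(chunk_ok, sizeof chunk_ok) == FRAME_OK
          && try_chunk(chunk_lie, sizeof chunk_lie) == FRAME_TRUNCATED
          && try_chunk(chunk_big, sizeof chunk_big) == FRAME_TOO_LARGE;
    return ok ? 0 : 1;
}
```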

“If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the privileges of the target user,” VideoLAN explains in an advisory detailing both security bugs.

To successfully exploit the vulnerabilities, an attacker would have to trick the user into explicitly opening a specially crafted file or stream. While ASLR and DEP help reduce exposure, they may be bypassed, the advisory reads.

“The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied,” VideoLAN recommends.









sverek



Posts: 6074
Joined: 2011-01-02

#5684852 Posted on: 06/27/2019 07:43 AM
Shout out to VLC for being free and awesome.

SniperX
Senior Member



Posts: 137
Joined: 2018-05-04

#5684867 Posted on: 06/27/2019 08:49 AM
Changes between 3.0.7 and 3.0.7.1:
----------------------------------

Access:
* Update libbluray to 1.1.2

macOS:
* Fix bluray java menu playback regression in 3.0.7

Video Output:
* Fix hardware acceleration with some AMD drivers
* Improve direct3d11 HDR support

Changes between 3.0.6 and 3.0.7:
--------------------------------

Access:
* Improve Blu-ray support
* Fix sftp module build with libssh >= 1.8.1

Audio output:
* Fix pass-through on Android-23
* Fix DirectSound drain

Demux:
* Improve MP4 support

Video Output:
* Fix 12 bits sources playback with Direct3D11
* Fix crash on iOS
* Fix midstream aspect-ratio changes when Windows hardware decoding is on
* Fix HLG display with Direct3D11

Stream Output:
* Improve Chromecast support with new ChromeCast apps

macOS:
* Fix UPNP service discovery, services are discovered on the highest priority
active network interface now
* Fix video distortion on macOS Mojave

Misc:
* Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
* Work around busy looping when playing an invalid item with loop enabled

Translations:
* Update of most translations

Security:
* Fix multiple buffer overflows in the ps demuxer
* Fix a buffer overflow when copying a biplanar YUV image
* Fix multiple buffer overflows in the faad decoder
* Fix buffer overflow in the svcdsub decoder
* Fix buffer overflows in the ogg muxer & demuxer
* Fix buffer overflows in libavformat demuxer
* Fix multiple buffer overflows in the MKV demuxer
* Fix a buffer overflow in the MP4 demuxer
* Fix a buffer overflow in the textst decoder
* Fix a buffer overflow in the webvtt decoder
* Fix a buffer overflow in the ASF demux
* Fix a buffer overflow in the UPNP SD
* Fix use after free in the ogg demuxer
* Fix multiple use after free in the MKV demuxer
* Fix multiple use after free in the DMO decoder
* Fix integer underflow in the MKV demuxer
* Fix an updater NULL pointer dereference on invalid signing keys
* Fix NULL pointer dereference in the MKV demuxer
* Fix an integer overflow in the spudec decoder
* Fix an integer overflow in the nsc demuxer
* Fix an integer overflow in the avi demuxer
* Fix reads of uninitialized pointers in the MKV demuxer
* Fix a floating point exception in the MKV demuxer
* Fix an infinite loop in the flac packetizer

Jagman
Senior Member



Posts: 2255
Joined: 2005-03-26

#5684912 Posted on: 06/27/2019 11:57 AM
Updated and +1 for VLC being awesome :D

Rich_Guy
Senior Member



Posts: 12622
Joined: 2003-05-11

#5684915 Posted on: 06/27/2019 12:03 PM
Just updated, thanks Hilbert :)

rl66
Senior Member



Posts: 2745
Joined: 2007-05-31

#5684960 Posted on: 06/27/2019 02:02 PM
Patched before reading... I like a reactive company.
