Critical Vulnerabilities in VLC Media Player Spotted and Patched
VideoLAN has addressed a critical double-free vulnerability in the VLC media player that could allow an attacker to execute arbitrary code on target systems. The flaw can be used to plant malware on the computer where the media player is running.
The flaws affect versions 3.0.6 and earlier of the software, where opening a specially crafted video file can lead to arbitrary code execution. Tracked as CVE-2019-12874, the double-free flaw has a CVSS v3 score of 9.8. The bug resides in the zlib_decompress_extra function of the VLC media player and can be triggered while the Matroska demuxer parses a malformed MKV file.
Discovered by Symeon Paraschoudis from Pen Test Partners, the issue allows a remote attacker to create a specially crafted file to trigger a double free in zlib_decompress_extra() (demux/mkv/utils.cpp). The vulnerability has been addressed with the release of VLC 3.0.7, which also fixes a high-severity heap buffer overflow, along with various other vulnerabilities.
Tracked as CVE-2019-5439 and residing in the ReadFrame function (demux/avi/avi.c), the buffer overflow could be exploited through a specially crafted .avi file. The bug was reported through HackerOne, as part of a bug bounty program run by the European Union. The issue is that the ReadFrame function uses a variable obtained directly from the file. Because no strict check is performed before the memory operation (memmove, memcpy), a buffer overflow could be triggered.
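The unchecked-size pattern described above for ReadFrame, shown next to a bounds-checked form. This is an added illustration, not VLC's code: the 8-byte frame layout, the function names and the sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed frame layout (not the AVI format): bytes 0-3 payload length,
 * bytes 4-7 leading bytes to skip (both little-endian), bytes 8.. payload. */
#define FRAME_HDR 8u

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked pattern: both sizes come straight from the file, so memcpy can
 * read past `in`, write past `out`, and `len - skip` can wrap around. */
size_t read_frame_unchecked(const uint8_t *in, uint8_t *out)
{
    uint32_t len = rd_le32(in), skip = rd_le32(in + 4);
    memcpy(out, in + FRAME_HDR + skip, len - skip);
    return len - skip;
}

/* Hardened form: every file-supplied value is bounded before the copy.
 * Returns 0 and sets *copied on success, -1 on a malformed frame. */
int read_frame_checked(const uint8_t *in, size_t in_len,
                       uint8_t *out, size_t out_cap, size_t *copied)
{
    if (in_len < FRAME_HDR)
        return -1;                  /* truncated header */
    uint32_t len = rd_le32(in), skip = rd_le32(in + 4);
    if (len > in_len - FRAME_HDR)
        return -1;                  /* payload larger than the input */
    if (skip > len)
        return -1;                  /* len - skip would underflow */
    if (len - skip > out_cap)
        return -1;                  /* would overflow the destination */
    memcpy(out, in + FRAME_HDR + skip, len - skip);
    *copied = len - skip;
    return 0;
}

int main(void)
{
    /* Constructed sample: declares 0x1000 payload bytes but carries 4. */
    const uint8_t bad[] = {0x00, 0x10, 0, 0, 0, 0, 0, 0, 'A', 'B', 'C', 'D'};
    uint8_t out[16]; size_t n = 0;
    return read_frame_checked(bad, sizeof bad, out, sizeof out, &n) == -1 ? 0 : 1;
}
```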
“If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the privileges of the target user,” VideoLAN explains in an advisory detailing both security bugs.
To successfully exploit the vulnerabilities, an attacker would have to trick the user into explicitly opening a specially crafted file or stream. While ASLR and DEP help reduce exposure, they may be bypassed, the advisory reads.
“The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied,” VideoLAN recommends.
Senior Member
Posts: 144
Joined: 2018-05-04
Changes between 3.0.7 and 3.0.7.1:
----------------------------------
Access:
* Update libbluray to 1.1.2
macOS:
* Fix bluray java menu playback regression in 3.0.7
Video Output:
* Fix hardware acceleration with some AMD drivers
* Improve direct3d11 HDR support
Changes between 3.0.6 and 3.0.7:
--------------------------------
Access:
* Improve Blu-ray support
* Fix sftp module build with libssh >= 1.8.1
Audio output:
* Fix pass-through on Android-23
* Fix DirectSound drain
Demux:
* Improve MP4 support
Video Output:
* Fix 12 bits sources playback with Direct3D11
* Fix crash on iOS
* Fix midstream aspect-ratio changes when Windows hardware decoding is on
* Fix HLG display with Direct3D11
Stream Output:
* Improve Chromecast support with new ChromeCast apps
macOS:
* Fix UPNP service discovery, services are discovered on the highest priority
active network interface now
* Fix video distortion on macOS Mojave
Misc:
* Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
* Work around busy looping when playing an invalid item with loop enabled
Translations:
* Update of most translations
Security:
* Fix multiple buffer overflows in the ps demuxer
* Fix a buffer overflow when copying a biplanar YUV image
* Fix multiple buffer overflows in the faad decoder
* Fix buffer overflow in the svcdsub decoder
* Fix buffer overflows in the ogg muxer & demuxer
* Fix buffer overflows in libavformat demuxer
* Fix multiple buffer overflows in the MKV demuxer
* Fix a buffer overflow in the MP4 demuxer
* Fix a buffer overflow in the textst decoder
* Fix a buffer overflow in the webvtt decoder
* Fix a buffer overflow in the ASF demux
* Fix a buffer overflow in the UPNP SD
* Fix use after free in the ogg demuxer
* Fix multiple use after free in the MKV demuxer
* Fix multiple use after free in the DMO decoder
* Fix integer underflow in the MKV demuxer
* Fix an updater NULL pointer dereference on invalid signing keys
* Fix NULL pointer dereference in the MKV demuxer
* Fix an integer overflow in the spudec decoder
* Fix an integer overflow in the nsc demuxer
* Fix an integer overflow in the avi demuxer
* Fix reads of uninitialized pointers in the MKV demuxer
* Fix a floating point exception in the MKV demuxer
* Fix an infinite loop in the flac packetizer
Senior Member
Posts: 2259
Joined: 2005-03-26
Updated and +1 for VLC being awesome

Senior Member
Posts: 12786
Joined: 2003-05-11
Just updated, thanks Hilbert

Senior Member
Posts: 3397
Joined: 2007-05-31
Patched before reading... I like a reactive company.
Posts: 6073
Joined: 2011-01-02
Shout out to VLC for being free and awesome.