
Critical Vulnerabilities in VLC Media Player Spotted and Patched

by Hilbert Hagedoorn on: 06/27/2019 08:18 AM | source: securityweek | 10 comment(s)

VideoLAN has addressed a critical double-free vulnerability in the VLC media player that could allow an attacker to execute arbitrary code on target systems. The flaw can be used to plant malware on the computer where the media player is running.

The security flaws affect versions 3.0.6 and earlier of the software, where attackers can supply specially crafted video files that execute arbitrary code. Tracked as CVE-2019-12874, the double-free flaw has a CVSS v3 score of 9.8. The bug resides in the zlib_decompress_extra function of the VLC media player and could be triggered while the Matroska demuxer parses a malformed MKV file.

Discovered by Symeon Paraschoudis from Pen Test Partners, the issue allows a remote attacker to create a specially crafted file to trigger a double free in zlib_decompress_extra() (demux/mkv/utils.cpp). The vulnerability has been addressed with the release of VLC 3.0.7, which also fixes a high-severity heap buffer overflow, along with various other vulnerabilities.

Tracked as CVE-2019-5439 and residing in the ReadFrame function (demux/avi/avi.c), the buffer overflow could be exploited through a specially crafted .avi file. The bug was reported through HackerOne, as part of a bug bounty program run by the European Union. The issue is that the ReadFrame function uses a variable obtained directly from the file. Because no strict check is performed before the memory operation (memmove, memcpy), a buffer overflow could be triggered.
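The class of bug described for ReadFrame, shown as an added example that is not VLC's code and not part of the original article: a size field taken from the file is passed to memcpy with and without a bounds check. The 4-byte length-prefixed chunk layout, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical chunk layout (assumption, not the real AVI structures):
 * 4-byte little-endian payload size, then the payload bytes. */
#define HDR_LEN 4u

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Pattern the article describes: the size read from the file is trusted,
 * so memcpy can overrun both buffers. For contrast only; never called. */
void copy_frame_unchecked(const uint8_t *chunk, uint8_t *dst)
{
    uint32_t size = rd_le32(chunk);
    memcpy(dst, chunk + HDR_LEN, size);
}

/* Hardened form: validate the file-supplied size against both buffers
 * before copying. Returns 0 and sets *copied, or -1 if malformed. */
int copy_frame_checked(const uint8_t *chunk, size_t chunk_len,
                       uint8_t *dst, size_t dst_len, size_t *copied)
{
    if (!chunk || !dst || !copied || chunk_len < HDR_LEN)
        return -1;                      /* header missing or truncated */
    uint32_t size = rd_le32(chunk);
    if (size > chunk_len - HDR_LEN)     /* claims more data than present */
        return -1;
    if (size > dst_len)                 /* would overflow the destination */
        return -1;
    memcpy(dst, chunk + HDR_LEN, size);
    *copied = size;
    return 0;
}

int main(void)
{
    /* Constructed samples: a valid 3-byte frame, and a chunk whose size
     * field claims 0xFFFFFFFF bytes. */
    const uint8_t ok[]  = { 3, 0, 0, 0, 'a', 'b', 'c' };
    const uint8_t bad[] = { 0xff, 0xff, 0xff, 0xff, 'a' };
    uint8_t dst[16];
    size_t n = 0;
    printf("ok=%d ", copy_frame_checked(ok, sizeof ok, dst, sizeof dst, &n));
    printf("bad=%d\n", copy_frame_checked(bad, sizeof bad, dst, sizeof dst, &n));
    return 0;
}
```

The subtraction `chunk_len - HDR_LEN` is safe only because the header-length check runs first; reordering the checks would let it wrap.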

“If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the privileges of the target user,” VideoLAN explains in an advisory detailing both security bugs.

To successfully exploit the vulnerabilities, an attacker would have to trick the user into explicitly opening a specially crafted file or stream. While ASLR and DEP help reduce exposure, they may be bypassed, the advisory reads.

“The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied,” VideoLAN recommends.









sverek



Posts: 6073
Joined: 2011-01-02

#5684852 Posted on: 06/27/2019 08:43 AM
Shout out to VLC for being free and awesome.

SniperX
Senior Member



Posts: 144
Joined: 2018-05-04

#5684867 Posted on: 06/27/2019 09:49 AM
Changes between 3.0.7 and 3.0.7.1:
----------------------------------

Access:
* Update libbluray to 1.1.2

macOS:
* Fix bluray java menu playback regression in 3.0.7

Video Output:
* Fix hardware acceleration with some AMD drivers
* Improve direct3d11 HDR support

Changes between 3.0.6 and 3.0.7:
--------------------------------

Access:
* Improve Blu-ray support
* Fix sftp module build with libssh >= 1.8.1

Audio output:
* Fix pass-through on Android-23
* Fix DirectSound drain

Demux:
* Improve MP4 support

Video Output:
* Fix 12 bits sources playback with Direct3D11
* Fix crash on iOS
* Fix midstream aspect-ratio changes when Windows hardware decoding is on
* Fix HLG display with Direct3D11

Stream Output:
* Improve Chromecast support with new ChromeCast apps

macOS:
* Fix UPNP service discovery, services are discovered on the highest priority
active network interface now
* Fix video distortion on macOS Mojave

Misc:
* Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
* Work around busy looping when playing an invalid item with loop enabled

Translations:
* Update of most translations

Security:
* Fix multiple buffer overflows in the ps demuxer
* Fix a buffer overflow when copying a biplanar YUV image
* Fix multiple buffer overflows in the faad decoder
* Fix buffer overflow in the svcdsub decoder
* Fix buffer overflows in the ogg muxer & demuxer
* Fix buffer overflows in libavformat demuxer
* Fix multiple buffer overflows in the MKV demuxer
* Fix a buffer overflow in the MP4 demuxer
* Fix a buffer overflow in the textst decoder
* Fix a buffer overflow in the webvtt decoder
* Fix a buffer overflow in the ASF demux
* Fix a buffer overflow in the UPNP SD
* Fix use after free in the ogg demuxer
* Fix multiple use after free in the MKV demuxer
* Fix multiple use after free in the DMO decoder
* Fix integer underflow in the MKV demuxer
* Fix an updater NULL pointer dereference on invalid signing keys
* Fix NULL pointer dereference in the MKV demuxer
* Fix an integer overflow in the spudec decoder
* Fix an integer overflow in the nsc demuxer
* Fix an integer overflow in the avi demuxer
* Fix reads of uninitialized pointers in the MKV demuxer
* Fix a floating point exception in the MKV demuxer
* Fix an infinite loop in the flac packetizer

Jagman
Senior Member



Posts: 2259
Joined: 2005-03-26

#5684912 Posted on: 06/27/2019 12:57 PM
Updated and +1 for VLC being awesome :D

Rich_Guy
Senior Member



Posts: 12786
Joined: 2003-05-11

#5684915 Posted on: 06/27/2019 01:03 PM
Just updated, thanks Hilbert :)

rl66
Senior Member



Posts: 3397
Joined: 2007-05-31

#5684960 Posted on: 06/27/2019 03:02 PM
patched before reading... I like reactive company.
