
VLC Media Player update eliminated 13 vulnerabilities

VideoLAN developers have released an updated version of VLC Media Player, 3.0.8. The new version eliminates 13 vulnerabilities and improves video playback.

The security bulletin states that the identified problems can be triggered simply by opening a specially crafted malicious file or stream. Doing so can provoke buffer overflows, use-after-free bugs, division by zero, and similar errors. Successful exploitation either causes the media player to malfunction or can lead to the execution of arbitrary code with the rights of the current user.

“Although these problems separately are likely to cause malfunction of the player only, we cannot exclude the possibility that they can also be combined and cause a leak of user’s information or remote code execution. ASLR and DEP help to reduce this probability, but they can be bypassed,” the developers write.

Ten of the thirteen vulnerabilities were discovered by Semmle Security Team specialists: among them are out-of-bounds reads (CVE-2019-14437 and CVE-2019-14776), out-of-bounds writes (CVE-2019-14438 and CVE-2019-14970), divisions by zero (CVE-2019-14498 and CVE-2019-14535), use-after-free bugs (CVE-2019-14533, CVE-2019-14777 and CVE-2019-14778), and a null pointer dereference (CVE-2019-14534).

VideoLAN engineers note that although CVE-2019-13602 and CVE-2019-13962, which were discovered by independent information security researchers, were rated at 8.8 and 9.8 points on the ten-point CVSS scale, in their opinion the severity of these problems is overestimated, and most likely they can be assessed at 4.3 points. Moreover, CVE-2019-13962 affects only VLC versions from 3.0.2 to 3.0.7.1.

In addition, the bulletin notes that problem CVE-2019-14533 affects WMV and WMA files (ASF container) and may be triggered while scrolling video.

Besides the vulnerability fixes, VLC Media Player 3.0.8 fixes stuttering that occurred when viewing video with a low frame rate, improves support for adaptive streaming, fixes WebVTT subtitle rendering problems, and improves audio output on macOS and iOS.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting a master's degree in cybersecurity, I started working as a virus analyst at a little anti-malware vendor. In 2018, I decided to start the Virus Removal project. The main goal of this site is to help people deal with PC viruses of any kind.
