your source for 3dfx, hardware and gaming

Release Notes

 
VLC Media Player 3.0.7

We just released VLC 3.0.7, a minor update of VLC branch 3.0.x. This release is a bit special, because it has more security issues fixed than any other version of VLC.

This high number of security issues is due to the sponsoring of a bug bounty program funded by the European Commission, during the FOSSA program.

Severity

According to our scale, we have had 33 valid security issues fixed thanks to this program:

  • 2 high security issues, (only one was present in 3.0.x),
  • 21 medium security issues,
  • 20 low security issues.

The 2 more important issues are an Out-of-Bound Write and a Stack Buffer Overflow.

the Out-of-Bound Write is not in the VLC codebase, but in a dependency of VLC, the faad2 library, unmaintained, unfortunately.

the Stack Buffer Overflow is a VLC 4.0-only issue in the new RIST module, and is therefore not impacting actual release of VLC.

The medium security issues are mostly out-of-band reads, heap overflows, NULL-dereference and use-after-free security issues. Those issues should not be exploitable with ASLR, but are important anyway, because they can crash VLC.

The low security issues are mostly integer overflow, division by zero, and other out-of-band reads with no actual impact. Those issues are not exploitable.

Description Download

Size: N/A Announcement

Type: App More Apps

Might be interesting to you


3dfxzone.it desktop version

Copyright 2021 - 3dfxzone.it - E' vietata la riproduzione del contenuto informativo e grafico. Note Legali. Privacy