These four patched vulnerabilities could be used by a malicious third party to trigger a crash or arbitrary code execution privilege in VLC, but VideoLAN has indicated that there are no known vulnerabilities to code execution via these vulnerabilities. The fixes include a denial of service issue (div by 0) that could be triggered by the wrong mp4 file (#27202), a fix for a vulnerability that causes crashes when handling multiple files (#26930), a denial of service issue (null pointer dereference) that could be triggered by the wrong og file (#27294) and a potential buffer overflow in the vnc module that could be triggered by a malicious vnc URL to trigger remote code execution (#27335, CVE-2022-41325). The Blu-ray (BD-J) menu now works as intended, although the handling of Ultra HD Blu-ray discs is still a bit rough based on some brief tests with recently purchased versions.įinally, the new VLC includes fixes for several security issues that are detailed in the latest official security bulletin. VLC Media Player v3.0.18 also updates the library for handling Blu-ray (unprotected/decrypted) discs, finally resolving one of the longest-standing bugs affecting the program. The list of updated libraries and components includes FFmpeg, the heart of many media-related open source projects – upnp, x265, libsmb2, dav1d, libass, zlib, GnuTLS, mpg123, and more all rely on it. In addition, the update avoids playlist live loops when only very small or failed items are available, resolves “many” crash-related bugs, and adds support for DVBSub within MKV media files. The new media player fixes sought for some media formats improve file compatibility with older GPUs and remedy selected SMB protocol behavior. VideoLAN says VLC Media Player 3.0.18 adds support for a number of formats, improves adaptive streaming support, fixes some crashes and updates many third-party libraries.
0 Comments
Leave a Reply. |