VLC Media Player 3.0.7 released

Sicherheit[German]The developers of VideoLan released the VLC Player version 3.0.7 for Linux, macOS and Windows a few days ago (June 6, 2019). This version closes some vulnerabilities of the previous versions.


Advertising

I was offered the update straight line when starting VLC Player 3.0.6. But there were also hints for readers by mail (thanks). The change log shows the following changes between version 3.0.6 and 3.0.7:

Access:

  • Improve Blu-ray support
  • Fix sftp module build with libssh >= 1.8.1

Audio output:

  • Fix pass-through on Android-23
  • Fix DirectSound drain

Demux:

  • Improve MP4 support

Video Output:


Advertising

  • Fix 12 bits sources playback with Direct3D11
  • Fix crash on iOS
  • Fix midstream aspect-ratio changes when Windows hardware decoding is on
  • Fix HLG display with Direct3D11

Stream Output:

  • Improve Chromecast support with new ChromeCast apps

macOS:

  • Fix UPNP service discovery, services are discovered on the highest priority active network interface now
  • Fix video distortion on macOS Mojave

Misc:

  • Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
  • Work around busy looping when playing an invalid item with loop enabled

Translations:

  • Update of most translations

Security:

  • Fix multiple buffer overflows in the ps demuxer
  • Fix a buffer overflow when copying a biplanar YUV image
  • Fix multiple buffer overflows in the faad decoder
  • Fix buffer overflow in the svcdsub decoder
  • Fix buffer overflows in the ogg muxer & demuxer
  • Fix buffer overflows in libavformat demuxer
  • Fix multiple buffer overflows in the MKV demuxer
  • Fix a buffer overflow in the MP4 demuxer
  • Fix a buffer overflow in the textst decoder
  • Fix a buffer overflow in the webvtt decoder
  • Fix a buffer overflow in the ASF demux
  • Fix a buffer overflow in the UPNP SD
  • Fix use after free in the ogg demuxer
  • Fix multiple use after free in the MKV demuxer
  • Fix multiple use after free in the DMO decoder
  • Fix integer underflow in the MKV demuxer
  • Fix an updater NULL pointer dereference on invalid signing keys
  • Fix NULL pointer dereference in the MKV demuxer
  • Fix an integer overflow in the spudec decoder
  • Fix an integer overflow in the nsc demuxer
  • Fix an integer overflow in the avi demuxer
  • Fix reads of uninitialized pointers in the MKV demuxer
  • Fix a floating point exception in the MKV demuxer
  • Fix an infinite loop in the flac packetizer

Because of the vulnerabilities, you should update to the new version as soon as possible. The new player is available on this website for Linux, macOS, Windows and operating systems.


Advertising

This entry was posted in Security, Software, Update and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).