Jump to content

Recommended Posts

Any idea if Exploit Protection in Malwarebytes guards against this vulnerability?  I assume it does, but I don't know for certain.  I do know that VLC is among the default media players/applications shielded by Exploit Protection in Malwarebytes 3.

Share this post


Link to post
Share on other sites
Posted (edited)

According to Research, VLC says it's not reproducible, so we have no way to know at this time.

Quote

[Update 10:30 AM] The VLC CVE on the National Vulnerability Database has now been updated, downgrading the severity of the issue from a Base Score of 9.8 (critical) to 5.5 (medium), with the change log also specifying that the “Victim must voluntarily interact with attack mechanism.”

Additionally, VideoLAN’s public bug tracker now lists the bug report as “fixed” and has closed the thread.

 

Edited by AdvancedSetup
Updated information

Share this post


Link to post
Share on other sites
Posted (edited)
On 7/23/2019 at 8:31 PM, AdvancedSetup said:

Refers to;  CVE-2019-13615

VideoLAN VLC was just updated to v3.0.8 but CVE-2019-13615 does not seem to have been addressed.

https://www.videolan.org/developers/vlc-branch/NEWS

Quote

Security:
 * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
 * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
 * Fix a read buffer overflow in the FAAD decoder
 * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
 * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
 * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
 * Fix a use after free in the ASF demuxer (CVE-2019-14533)
 * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
 * Fix a null dereference in the dvdnav demuxer
 * Fix a null dereference in the ASF demuxer (CVE-2019-14534)
 * Fix a null dereference in the AVI demuxer
 * Fix a division by zero in the CAF demuxer (CVE-2019-14498)
 * Fix a division by zero in the ASF demuxer (CVE-2019-14535)

 

However according to this, the issue has been fixed.

https://trac.videolan.org/vlc/ticket/22474

 

Edited by David H. Lipman

Share this post


Link to post
Share on other sites

Thanks for the update David.

I used to use VLC quite often for years but I don't troll much in the underground like I used to so I don't run across as many various CODEC video requirements as there used to be. VLC is still an overall great little program though.

 

 

Share this post


Link to post
Share on other sites

Thanks @David H. Lipman for the added info...

Speaking of VLC... am I missing something or does VLC not have a fast forward and rewind button?  When I click on the ones I see, it goes to the next video.

Share this post


Link to post
Share on other sites

There are additional controls you can add to the interface if you go to Tools>Customize Interface..., just select what you want to add from the list, including play speed buttons (speed up/slow down), frame by frame, step forward and step back (probably the closest to what you seek with regards to functionality if the play speed function doesn't do it for you).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.