VLC Vulnerabilities

[AdvancedSetup]

https://gizmodo.com/you-might-want-to-uninstall-vlc-immediately-1836641101

 

[Hardhead]

Thanks for the heads up @AdvancedSetup

[exile360]

Any idea if Exploit Protection in Malwarebytes guards against this vulnerability?  I assume it does, but I don't know for certain.  I do know that VLC is among the default media players/applications shielded by Exploit Protection in Malwarebytes 3.

[AdvancedSetup]

According to Research, VLC says it's not reproducible, so we have no way to know at this time.

Quote

[Update 10:30 AM] The VLC CVE on the National Vulnerability Database has now been updated, downgrading the severity of the issue from a Base Score of 9.8 (critical) to 5.5 (medium), with the change log also specifying that the “Victim must voluntarily interact with attack mechanism.”

Additionally, VideoLAN’s public bug tracker now lists the bug report as “fixed” and has closed the thread.

 

Edited July 24, 2019 by AdvancedSetup
Updated information

[David H. Lipman]

On 7/23/2019 at 8:31 PM, AdvancedSetup said:

https://gizmodo.com/you-might-want-to-uninstall-vlc-immediately-1836641101

Refers to;  CVE-2019-13615

VideoLAN VLC was just updated to v3.0.8 but CVE-2019-13615 does not seem to have been addressed.

https://www.videolan.org/developers/vlc-branch/NEWS

Quote

Security:
 * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
 * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
 * Fix a read buffer overflow in the FAAD decoder
 * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
 * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
 * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
 * Fix a use after free in the ASF demuxer (CVE-2019-14533)
 * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
 * Fix a null dereference in the dvdnav demuxer
 * Fix a null dereference in the ASF demuxer (CVE-2019-14534)
 * Fix a null dereference in the AVI demuxer
 * Fix a division by zero in the CAF demuxer (CVE-2019-14498)
 * Fix a division by zero in the ASF demuxer (CVE-2019-14535)

 

However according to this, the issue has been fixed.

https://trac.videolan.org/vlc/ticket/22474

 

Edited August 21, 2019 by David H. Lipman

[AdvancedSetup]

Thanks for the update David.

I used to use VLC quite often for years but I don't troll much in the underground like I used to so I don't run across as many various CODEC video requirements as there used to be. VLC is still an overall great little program though.

 

 

[Firefox]

Thanks @David H. Lipman for the added info...

Speaking of VLC... am I missing something or does VLC not have a fast forward and rewind button?  When I click on the ones I see, it goes to the next video.

[David H. Lipman]

It has a time scaled histogram selector.  You grab it and look at the time and stop when appropriate.  It does have some Hot-Keys but no Fast Forward or Rewind Button.

https://www.vlchelp.com/vlc-media-player-shortcuts/

 

[exile360]

There are additional controls you can add to the interface if you go to Tools>Customize Interface..., just select what you want to add from the list, including play speed buttons (speed up/slow down), frame by frame, step forward and step back (probably the closest to what you seek with regards to functionality if the play speed function doesn't do it for you).

[Firefox]

Thanks for the hints fellows