Opened 5 years ago

Closed 5 years ago

#12133 closed enhancement (fixed)

vlc-3.0.7.1

Reported by: Douglas R. Reno
Owned by: Bruce Dubbs
Priority: high
Milestone: 9.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version

Change History (8)

comment:1 by Douglas R. Reno, 5 years ago

Priority: normal → high

Now vlc-3.0.7.1.

After 100 million downloads of 3.0.6, VideoLAN is releasing today the VLC 3.0.7 release, focusing on numerous security fixes, improving HDR support on Windows, and Blu-ray menu support.

Security Advisory 1901

Summary           : Read buffer overflow & double free
Date              : June 2019
Affected versions : VLC media player 3.0.6 and earlier
ID                : VideoLAN-SA-1901
CVE reference     : CVE-2019-5439, CVE-2019-12874

Details

A remote user can create some specially crafted avi or mkv files that, when loaded by the target user, will trigger a heap buffer overflow (read) in ReadFrame (demux/avi/avi.c), or a double free in zlib_decompress_extra() (demux/mkv/utils.cpp) respectively.

Impact

If successful, a malicious third party could trigger either a crash of VLC or arbitrary code execution with the privileges of the target user.

Threat mitigation

Exploitation of those issues requires the user to explicitly open a specially crafted file or stream.

Workarounds

The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied.

Solution

VLC media player 3.0.7 addresses the issues. This release also fixes an important security issue that could lead to code execution when playing an AAC file.

Credits

The MKV double free vulnerability was reported by Symeon Paraschoudis from Pen Test Partners.

References

The VideoLAN project
    http://www.videolan.org/ 
VLC official GIT repository
    http://git.videolan.org/?p=vlc.git

Description
===========

- CVE-2019-5439 (arbitrary code execution)
VideoLAN VLC media player 3.0.6 and earlier has an out-of-bounds write in the ReadFrame function of the AVI decoder.
- CVE-2019-12874 (arbitrary code execution)
VideoLAN VLC media player 3.0.6 and earlier has a double-free in the zlib_decompress_extra function of the Matroska demuxer in modules/demux/mkv/util.cpp.

Last edited 5 years ago by Douglas R. Reno

comment:2 by Douglas R. Reno, 5 years ago

Summary: vlc-3.0.7 → vlc-3.0.7.1

Now 3.0.7.1

comment:3 by Bruce Dubbs, 5 years ago

Milestone: 8.5 → 9.0

Milestone renamed

comment:4 by Douglas R. Reno, 5 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:5 by Bruce Dubbs, 5 years ago

Owner: changed from Douglas R. Reno to Bruce Dubbs
Status: assigned → new

comment:6 by Bruce Dubbs, 5 years ago

Status: new → assigned

comment:7 by Bruce Dubbs, 5 years ago

Changes between 3.0.7 and 3.0.7.1:

Access:

  • Update libbluray to 1.1.2

Video Output:

  • Fix hardware acceleration with some AMD drivers
  • Improve direct3d11 HDR support

comment:8 by Bruce Dubbs, 5 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 21835.
