VLC Media Player 3.0.7 released: security updates and improvements - gHacks Tech News

ADVERTISEMENT

VLC Media Player 3.0.7 released: security updates and improvements

A new version of the cross-platform multimedia application VLC Media Player hast been released today. VLC Media Player 3.0.7 is a minor update that fixes security issues and includes some improvements and updates to components.

The release of VLC Media Player 3.0.7 has not been announced officially but interested users may download the new version already from the official download site of the project. Just install the new version over the existing installation to update the player to the new version.

Tip: you can check the installed version by selecting Help > About.

VLC Media Player 3.0.7: what is new

vlc media player 3.07

The new version is a security update first and foremost. The changelog lists more than two dozen fixes in demuxers and decoders, as well as other program components. Many fix buffer and integer overflows in these components but the update addresses a floating point exception, an infinite loop issue, a NULL pointer dereference, an integer underflow, as well as multiple use after free issues in VLC Media Player.

VLC 3.0.7 features several improvements next to that. The developers improved the player's Blu-Ray support in the new version. VLC can play video discs including DVD and Blu-Ray formats; the changelog does not list what has been improved in regards to Blu-Ray support, however.

Other improvements in the new version include improved MP4 demux support, better Chromecast support with new Chromecast applications, updates for various Internet media services such as YouTube, Soundcloud, Dailymotion, and Vimeo, and translation improvements.

The new version fixes several issues of previous versions including a crash on iOS, audio and video output issues, as well as video distortion on Mac OS Mojave.

VideoLAN, the company behind VLC Media Player, continues its work on VLC Media Player 4.0 in the meantime, the next major release of the multimedia player. We reviewed a preview version of the upcoming player in February 2019. The new version comes with new features and improvements, but drops support for older operating system versions.

Closing Words

VLC Media Player 3.0.7 should be announced soon officially. Users who don't want to wait can download the new version already to update existing installations.

Now You: Which media player do you use, and why? (via Deskmodder)

Summary
VLC Media Player 3.0.7 released: security updates and improvements
Article Name
VLC Media Player 3.0.7 released: security updates and improvements
Description
VLC Media Player 3.0.7 is a minor update that fixes security issues and includes some improvements and updates to components.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. 420 said on June 6, 2019 at 2:00 pm
    Reply

    I like mpc-hc with k-lite, seems to work with least resources and best image quality.

    1. Martin P. said on June 6, 2019 at 4:10 pm
      Reply

      Last official version is from 2017. Any alternative newer version available?

      1. Anonymous said on June 6, 2019 at 5:44 pm
        Reply
      2. Coneiforme said on June 6, 2019 at 5:45 pm
        Reply

        MPC-BE might still be developed but I haven’t checked in a while as I use a nix machine with VLC and MPV now.

  2. Bobo said on June 6, 2019 at 2:19 pm
    Reply

    1994 called, it wants its UI back.

    1. Martin Brinkmann said on June 6, 2019 at 3:20 pm
      Reply

      I don’t really mind the user interface as long as the program is good.

      1. Bobo said on June 6, 2019 at 9:26 pm
        Reply

        I want both, a good program and a nice UI. Luckily there are other options out there for me. Still, it bugs the hell out of me when I see ancient looking programs.. Maybe they think that’s their niche’, their “thing”: “We looked like garbage 20 years ago, and still do. We rock!” FINE! Be that way! Now get off my lawn. =)

      2. John Fenderson said on June 7, 2019 at 7:01 pm
        Reply

        @Bobo: “We looked like garbage 20 years ago, and still do.”

        You don’t like that style of UI. Fair enough, then use a different skin.

        However, whether or not it “looks like garbage” is a purely subjective call, and I’ll bet the VideoLan devs and a substantial portion of VLC users don’t think it looks like garbage at all.

        Also, how old the design is has literally nothing to do with whether or not it’s good.

      3. CKing123 said on June 11, 2019 at 3:58 am
        Reply

        @Bobo and @John Fenderson VLC 4 does come with a redesigned UI as ghacks documented: https://www.ghacks.net/2019/02/06/vlc-media-player-4-0/

      4. Deo et Patriae said on June 8, 2019 at 6:52 pm
        Reply

        https://imgur.com/Y0zY1oG

        Seriously, what garbage are you talking about? It’s a native Win32 UI.

    2. Kingo said on June 6, 2019 at 6:07 pm
      Reply

      Who cares about the UI on a video program as long as you know what everything means?

    3. Jeff said on June 6, 2019 at 6:41 pm
      Reply

      UI is not for fashion but apparently Bobo doesn’t get that. Classic Shell, VLC, 7-Zip all enormously popular apps – downloads in several hundred millions despite “1990s UI”. In fact they focus on good usability, not fancy hard to decipher icon-only buttons like Windows 10.

    4. MdN said on June 6, 2019 at 7:59 pm
      Reply

      I rather like the UI. It’s efficient, unobtrusive and flat. Sort of timeless. Back in my Windows days I tried a few more players, and some looked like something out of a video game… I’m trying to watch the video, not the interface! Right now on my computer it’s VLC and SMPlayer and on my phone VLC (though I have custom launcher and icons so I don’t have to look at that traffic cone).

    5. John Fenderson said on June 6, 2019 at 9:35 pm
      Reply

      @Bobo:

      I’ll take that GUI style over what the current fashion is any day.

    6. Ginger said on June 6, 2019 at 11:33 pm
      Reply

      The UI is perfectly. There is a lot of customization options and even skinning. If it ain’t broke don’t fix it. Would you rather half-assed app with zero functionality like the apps we see on Windows 10?

    7. Yuliya said on June 7, 2019 at 7:02 am
      Reply

      I don’t understand, what exactly is wrong with VLC’s current UI. Could you show us?

    8. comments section arbiter of fashion said on June 7, 2019 at 7:27 am
      Reply

      Clean lines never ever go out of style, kid.

    9. Steve#99 said on June 7, 2019 at 12:32 pm
      Reply

      @Bobo

      While in VLC, press F. That is the only GUI that matters when using video apps. VLC’s user interaction is fully controlled by simple, fairly well thought out one click keyboard commands.

      PS: Thanks for this article Martin, I was just now finalizing a new laptop for my wife, which was going to have 3.0.6 portable. Timely info like this tis why we love ghacks.

  3. zer0 said on June 6, 2019 at 2:39 pm
    Reply

    Can’t even remember the last time I had VLC on my system.
    Been using mpv for quite a long time on Windows and I’m happy with it.

  4. Matthew Parker said on June 6, 2019 at 3:17 pm
    Reply

    I wish they allowed to customize the theme and icons of VLC. It’s a great program, but the traffic cone thing is ugly for corporate environments.

    1. Dave said on June 6, 2019 at 6:48 pm
      Reply

      Still using VLC v3.0. I’ve intigrated it with an old version of plex (on an old version of FF) in the living room so we have a nice library UI. (for local files only)

      I posted instructions (not a tutorial) how to set it up over on the plex forums.

      https://forums.plex.tv/t/how-i-make-plex-use-vlc-to-play-movies-local-files/361131

  5. Stan said on June 6, 2019 at 4:31 pm
    Reply
    1. Coneiforme said on June 6, 2019 at 5:42 pm
      Reply

      Most of those are ancient and unsuported and objectively ugly…

      1. bikooo2 said on June 6, 2019 at 7:31 pm
        Reply

        On deviantart there are some good skins. But I always return to the native style

      2. Stan said on June 7, 2019 at 3:42 am
        Reply

        You are correct, I’d not realized how broken the ones I have are.
        Going to check out DA…thanks.

      3. John Fenderson said on June 7, 2019 at 7:03 pm
        Reply

        @Coneiforme:

        There’s no such thing as “objectively ugly”. Also, why does whether or not it’s “supported” matter when it comes to a skin?

      4. Coneiforme said on June 10, 2019 at 3:50 pm
        Reply

        Exactly, that’s how ugly some are. If they are not supported it causes incompatibilities with new features/menus, bugs, etc and in worst case scenario, crashes.

  6. schrodingercat said on June 6, 2019 at 4:58 pm
    Reply

    I myself prefer mpv.net, which is based on mpv with all the benefits of the media player plus extras like GUI for settings.

    https://mpv-net.github.io/mpv.net-web-site/

  7. pHROZEN gHOST said on June 6, 2019 at 5:30 pm
    Reply

    I have 3.0.6 installed. I used the check for update. It tells me I have the latest version installed. They must not have updated something in their update check.

    1. ewf said on June 6, 2019 at 6:19 pm
      Reply

      he did say it’s not announced. a look at the ftp page (go back 1 level from his link) shows 3.0.6 as the latest revealed version.. so someone must have been doing some digging to find that link

  8. pHROZEN gHOST said on June 6, 2019 at 5:40 pm
    Reply

    I can’t agree more Martin.
    That’s why I still use Winamp to play MP3s.

  9. Coneiforme said on June 6, 2019 at 5:43 pm
    Reply

    Can’t wait to get a stable of 4.0 with the new, non obsolete interface.

    1. schrodingercat said on June 6, 2019 at 7:57 pm
      Reply

      here is your non obsolete interface bro – https://github.com/stax76/mpv.net/releases/tag/4.0

      1. Rush said on June 7, 2019 at 7:51 pm
        Reply

        I purposely use an older version of FF v59.0.2 and yet I get this message:

        “Please note that GitHub no longer supports old versions of Firefox.

        We recommend upgrading to the latest Safari, Google Chrome, or Firefox.”

        There may be valid reasons for Github to make this statement….but…still pi$$es me off.

      2. Coneiforme said on June 10, 2019 at 3:54 pm
        Reply

        Sadly that’s only available for Windows. I use the normal MPV but it causes tearing with KDE desktop environments so I am stuck with VLC for now. Is this the same people that dev Paint.net?

      3. schrodingercat said on June 10, 2019 at 8:21 pm
        Reply

        No. But if your are looking for an mpv front-end on linux, just try celluloid(formerly gnome-mpv).

  10. SlightlyAnnoyed said on June 6, 2019 at 5:46 pm
    Reply

    VLC needs to stop adding every file it plays to its playlist.
    If I wanted a playlist, I would make a playlist.
    Only way I avoid this is to close and restart the program after each file is played.
    Apart from that, it’s one of the best programs on any platform/OS.

    1. John Fenderson said on June 7, 2019 at 7:05 pm
      Reply

      @SlightlyAnnoyed: “VLC needs to stop adding every file it plays to its playlist.”

      This is really the only complaint I have about VLC. It seems to be a fairly common practice in media players overall, and I don’t understand why.

  11. Jeff said on June 6, 2019 at 6:42 pm
    Reply

    There’s nothing like MPC-BE right now for UI and features and Windows-specific optimizations. It even uses VLC’s AV1 decoder.

  12. Dilly Dilly said on June 6, 2019 at 7:18 pm
    Reply

    MPC-BE FTW, vlc has a few other options but that ui is terrible. Its been years since i installed it, does it still inject that ridiculous traffic cone onto all your media?

    1. ilev said on June 7, 2019 at 8:53 am
      Reply

      ” Its been years since i installed it” ?

      Who installs anything (apart from security software) and why ?
      Use portable.

      1. Dilly Dilly said on June 7, 2019 at 3:47 pm
        Reply

        70% of my software is portable like MPC-BE. Feel better now?

      2. John Fenderson said on June 10, 2019 at 7:01 pm
        Reply

        @ilev:

        I install software. I tend to dislike portable versions, although I do use them in certain specific circumstances.

  13. VLC Error Message Loop Freeze said on June 6, 2019 at 9:39 pm
    Reply

    I hope they have finally fixed the error message freeze loop when file is missing/have been removed from folder location, but still in the players list, it’s a 7 years old bug they haven’t been able to fix and I just some day ago had to look it up (again).

    Some info on the matter:
    https://forum.videolan.org/viewtopic.php?t=148232
    https://trac.videolan.org/vlc/ticket/5901

    ps. Just checking again using v4.0 it appears to have disappeared after reinstalling it, that was odd, but as one of the comments in the big post pointed out, it’s not there in v4.0, otherwise it feels very stable under Linux.

  14. Anonymous said on June 6, 2019 at 10:00 pm
    Reply

    Still Chromecast icon isnt showing !!!!!!

  15. Squuiid said on June 6, 2019 at 11:35 pm
    Reply

    If you want something more modern on a Mac then IINA is the way to go.
    Great VLC alternative IMO.

    https://iina.io

  16. ULBoom said on June 7, 2019 at 1:40 am
    Reply

    Pot Player. Very customizable, plays anything well, never crashes and can be extended a hundred ways.

    We used MPC, then MPC-HC for years until MPC-HC started to become flaky on Win 10, especially with 4K videos. Version 1.8.6 seems, at least subjectively, to play 4K and most all else a bit clearer than Pot Player but can’t keep it running long enough to really decide.

    I’ve tried many video players; the incomprehensible ones that were around during MPC’s early days and newer ones such as M Player, SM Player and VLC and can’t see any reason to leave Pot Player.

    Interfaces don’t matter to me much as long as common functions are easy to access and a player can be customized. A decade of MPC’s wayback machine interface was a pleasure; VLC’s orange cone is weird though, reminds me of Tux Cart for some reason.

  17. Pamela said on June 7, 2019 at 4:28 am
    Reply

    It must utterly confuse and perplex microsoft, facebook, google, et al, that VLC isn’t loaded with tracking, telemetry, PUPs and other privacy violating elements, doesn’t demand you “sign-in” to use it, doesn’t pop-up offers you may be interested in, doesn’t install candy crush saga, doesn’t reset all your settings to the worst options with every upgrade, doesn’t tell other people you’re using the software, isn’t a 25GB download, doesn’t require an active internet connection to use it.

    1. Yuliya said on June 7, 2019 at 8:02 am
      Reply

      VLC, 7-Zip; two fantastic programs which do nothing but to put the end-user in control. It is sad to see so many kids wanting to change this in return of some telemetry ridden, buggy and bloated alternatives. . . because these programs look and fucntion the same as they did a decade or more ago..? As if this would be a negative aspect. smh
      I bet someone somehwere is complaining about the wheel being circular and it is squeezing its uni-neuron to “engineer” a triangular one. Because the circular one is old by now and 3500BC are calling wanting their design back.

  18. John Malaperdas said on June 7, 2019 at 8:10 am
    Reply

    VLC? Buggy and Confusing (Options within options…).
    MPC-BE, MPC-HC, and Pot Player.

  19. owl said on June 7, 2019 at 4:24 pm
    Reply
  20. billybollox said on June 8, 2019 at 1:37 am
    Reply

    I have resisted using VLC for years because of the ugly cone.I installed it recently and did not associate the player with any extensions and voila,no cone in sight.Also it works perfectly with chromecast.

  21. Peterc said on June 8, 2019 at 5:05 am
    Reply

    I installed VLC at some point (maybe in Windows XP) and stuck with that for both audio and video for quite a while. A couple/few years ago, I switched to SMPlayer (in Windows 7) for video alone when I discovered that its video rendering and stability were *dramatically* superior to VLC’s (on my crappy old laptops with integrated graphics, at least). And that’s still where I am today, in both Windows 7 and Linux: VLC for audio and SMPlayer for video. (Oh, and I guess I use VLC for Android on my phone, but since I almost never watch video or listen to music on my phone, I don’t really care. If I traveled a lot more, maybe I would.)

    But silly me; I almost forgot to mention the most important issue by far: the traffic cone icon. I don’t have a problem with it. It’s readily identifiable and it’s not unduly obnoxious, and that’s pretty much all I care about. As for VLC’s old-school standard GUI, I can find everything I need to find in if, which is more than I can say for a lot of “modern” GUIs (and for a lot of “aesthetically pleasing” skins, as well). Besides, for video at least, who cares? Most of us probably watch video full-screen anyway. I like VLC’s playlist behavior more than SMPlayer’s (especially in Linux), except for the fact that when you relaunch SMPlayer, it restores whatever playlist it was running when you closed it, sparing you the hassle of having to save and reopen a playlist file. That comes in handy if you’ve just been enqueuing stuff ad hoc for a one-off viewing or listening run.

  22. Deo et Patriae said on June 8, 2019 at 6:47 pm
    Reply

    I tried a clean version 4 for a while from the link your provided… What was that abomination of an UI? Couldn’t even find “docked playlist” and the fonts are as bad as if it was made for Linux only.

  23. Barry Koostachin said on June 10, 2019 at 4:43 am
    Reply

    I had to go back to VLC 3.0.6, upgrading to 3.0.7 caused playback issues on my computer. Green bars showing the middle and the bottom of the screen, terrible audio. I will wait for 3.0.8. It’s friggin buggy at the moment, I hope they would fixed that issue.

  24. Bill said on June 10, 2019 at 6:17 pm
    Reply

    Same problem as above poster. Have to uninstall 3.0.7 and use the last working version.

  25. Yuliya said on June 12, 2019 at 12:13 pm
    Reply

    VLC 3.0.7.1 is available. Everything seems to work fine here.

    1. TelV said on June 12, 2019 at 7:12 pm
      Reply

      Seems to have fixed a couple more bugs: https://www.videolan.org/developers/vlc-branch/NEWS

  26. owl said on July 24, 2019 at 10:05 am
    Reply

    Serious vulnerabilities are found in “VideoLAN VLC media player 3.0.7.1”.
    It is recommended to remove this application until the fixed version is released.

    VLC Media Player Plagued By Unpatched Critical RCE Flaw | Threatpost |
    https://threatpost.com/vlc-media-player-plagued-by-unpatched-critical-rce-flaw/146611/

    ‘Critical’ Security Flaw Discovered in VLC Media Player |
    https://gizmodo.com/you-might-want-to-uninstall-vlc-immediately-1836641101

    Vorsicht: Kritische Schwachstelle in aktueller Version des VLC Media Player | heise online |
    https://www.heise.de/security/meldung/Vorsicht-Kritische-Schwachstelle-in-aktueller-Version-von-VLC-Media-Player-4475712.html

    CERT warnt vor kritischer Schwachstelle im neuesten VLC Media Player – WinFuture.de |
    https://winfuture.de/news,110171.html

    NVD – CVE-2019-13615 |
    https://nvd.nist.gov/vuln/detail/CVE-2019-13615

    Kurzinfo CB-K19/0634 |
    https://www.cert-bund.de/advisoryshort/CB-K19-0634

    #22474 (heap-buffer-overflow on demux_sys_t::FreeUnused) – VLC |
    https://trac.videolan.org/vlc/ticket/22474

    1. owl said on July 24, 2019 at 3:08 pm
      Reply

      About this topic, there is a most recent article by the following.
      Confusion about a recently disclosed vulnerability in VLC Media Player – gHacks Tech News |
      https://www.ghacks.net/2019/07/24/confusion-critical-vlc-media-player-vulnerability/
      by Martin Brinkmann on July 24, 2019

    2. Peterc said on July 24, 2019 at 3:36 pm
      Reply

      @owl: Commendable caution, but hold your horses, pard! It looks like it was a false alarm:

      ‘Critical’ Security Flaw Discovered in VLC Media Player
      https://gizmodo.com/you-might-want-to-uninstall-vlc-immediately-1836641101

      * * *

      [Update 8:35 AM] Based on a tweet by VideoLAN, VLC may not be as vulnerable as it initially appeared. VideoLAN says the “security issue” in VLC was caused by a third-party library called Libebml that was fixed 16 months ago, and that Mitre’s claim was based on a previous (and outdated) version of VLC.

      [The tweet in question:]

      About the “security issue” on #VLC : VLC is not vulnerable. tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago. VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim.

      Thread: — VideoLAN (@videolan) July 24, 2019

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.