VLC Media Player 3.0.7 released: security updates and improvements
A new version of the cross-platform multimedia application VLC Media Player hast been released today. VLC Media Player 3.0.7 is a minor update that fixes security issues and includes some improvements and updates to components.
The release of VLC Media Player 3.0.7 has not been announced officially but interested users may download the new version already from the official download site of the project. Just install the new version over the existing installation to update the player to the new version.
Tip: you can check the installed version by selecting Help > About.
VLC Media Player 3.0.7: what is new
The new version is a security update first and foremost. The changelog lists more than two dozen fixes in demuxers and decoders, as well as other program components. Many fix buffer and integer overflows in these components but the update addresses a floating point exception, an infinite loop issue, a NULL pointer dereference, an integer underflow, as well as multiple use after free issues in VLC Media Player.
VLC 3.0.7 features several improvements next to that. The developers improved the player's Blu-Ray support in the new version. VLC can play video discs including DVD and Blu-Ray formats; the changelog does not list what has been improved in regards to Blu-Ray support, however.
Other improvements in the new version include improved MP4 demux support, better Chromecast support with new Chromecast applications, updates for various Internet media services such as YouTube, Soundcloud, Dailymotion, and Vimeo, and translation improvements.
The new version fixes several issues of previous versions including a crash on iOS, audio and video output issues, as well as video distortion on Mac OS Mojave.
VideoLAN, the company behind VLC Media Player, continues its work on VLC Media Player 4.0 in the meantime, the next major release of the multimedia player. We reviewed a preview version of the upcoming player in February 2019. The new version comes with new features and improvements, but drops support for older operating system versions.
Closing Words
VLC Media Player 3.0.7 should be announced soon officially. Users who don't want to wait can download the new version already to update existing installations.
Now You: Which media player do you use, and why? (via Deskmodder)
I like mpc-hc with k-lite, seems to work with least resources and best image quality.
Last official version is from 2017. Any alternative newer version available?
https://github.com/clsid2/mpc-hc/releases
MPC-BE might still be developed but I haven’t checked in a while as I use a nix machine with VLC and MPV now.
1994 called, it wants its UI back.
I don’t really mind the user interface as long as the program is good.
I want both, a good program and a nice UI. Luckily there are other options out there for me. Still, it bugs the hell out of me when I see ancient looking programs.. Maybe they think that’s their niche’, their “thing”: “We looked like garbage 20 years ago, and still do. We rock!” FINE! Be that way! Now get off my lawn. =)
@Bobo: “We looked like garbage 20 years ago, and still do.”
You don’t like that style of UI. Fair enough, then use a different skin.
However, whether or not it “looks like garbage” is a purely subjective call, and I’ll bet the VideoLan devs and a substantial portion of VLC users don’t think it looks like garbage at all.
Also, how old the design is has literally nothing to do with whether or not it’s good.
@Bobo and @John Fenderson VLC 4 does come with a redesigned UI as ghacks documented: https://www.ghacks.net/2019/02/06/vlc-media-player-4-0/
https://imgur.com/Y0zY1oG
Seriously, what garbage are you talking about? It’s a native Win32 UI.
Who cares about the UI on a video program as long as you know what everything means?
UI is not for fashion but apparently Bobo doesn’t get that. Classic Shell, VLC, 7-Zip all enormously popular apps – downloads in several hundred millions despite “1990s UI”. In fact they focus on good usability, not fancy hard to decipher icon-only buttons like Windows 10.
I rather like the UI. It’s efficient, unobtrusive and flat. Sort of timeless. Back in my Windows days I tried a few more players, and some looked like something out of a video game… I’m trying to watch the video, not the interface! Right now on my computer it’s VLC and SMPlayer and on my phone VLC (though I have custom launcher and icons so I don’t have to look at that traffic cone).
@Bobo:
I’ll take that GUI style over what the current fashion is any day.
The UI is perfectly. There is a lot of customization options and even skinning. If it ain’t broke don’t fix it. Would you rather half-assed app with zero functionality like the apps we see on Windows 10?
I don’t understand, what exactly is wrong with VLC’s current UI. Could you show us?
Clean lines never ever go out of style, kid.
@Bobo
While in VLC, press F. That is the only GUI that matters when using video apps. VLC’s user interaction is fully controlled by simple, fairly well thought out one click keyboard commands.
PS: Thanks for this article Martin, I was just now finalizing a new laptop for my wife, which was going to have 3.0.6 portable. Timely info like this tis why we love ghacks.
Can’t even remember the last time I had VLC on my system.
Been using mpv for quite a long time on Windows and I’m happy with it.
I wish they allowed to customize the theme and icons of VLC. It’s a great program, but the traffic cone thing is ugly for corporate environments.
Still using VLC v3.0. I’ve intigrated it with an old version of plex (on an old version of FF) in the living room so we have a nice library UI. (for local files only)
I posted instructions (not a tutorial) how to set it up over on the plex forums.
https://forums.plex.tv/t/how-i-make-plex-use-vlc-to-play-movies-local-files/361131
Er……..? https://www.videolan.org/vlc/skins.html
Most of those are ancient and unsuported and objectively ugly…
On deviantart there are some good skins. But I always return to the native style
You are correct, I’d not realized how broken the ones I have are.
Going to check out DA…thanks.
@Coneiforme:
There’s no such thing as “objectively ugly”. Also, why does whether or not it’s “supported” matter when it comes to a skin?
Exactly, that’s how ugly some are. If they are not supported it causes incompatibilities with new features/menus, bugs, etc and in worst case scenario, crashes.
I myself prefer mpv.net, which is based on mpv with all the benefits of the media player plus extras like GUI for settings.
https://mpv-net.github.io/mpv.net-web-site/
I have 3.0.6 installed. I used the check for update. It tells me I have the latest version installed. They must not have updated something in their update check.
he did say it’s not announced. a look at the ftp page (go back 1 level from his link) shows 3.0.6 as the latest revealed version.. so someone must have been doing some digging to find that link
I can’t agree more Martin.
That’s why I still use Winamp to play MP3s.
Can’t wait to get a stable of 4.0 with the new, non obsolete interface.
here is your non obsolete interface bro – https://github.com/stax76/mpv.net/releases/tag/4.0
I purposely use an older version of FF v59.0.2 and yet I get this message:
“Please note that GitHub no longer supports old versions of Firefox.
We recommend upgrading to the latest Safari, Google Chrome, or Firefox.”
There may be valid reasons for Github to make this statement….but…still pi$$es me off.
Sadly that’s only available for Windows. I use the normal MPV but it causes tearing with KDE desktop environments so I am stuck with VLC for now. Is this the same people that dev Paint.net?
No. But if your are looking for an mpv front-end on linux, just try celluloid(formerly gnome-mpv).
VLC needs to stop adding every file it plays to its playlist.
If I wanted a playlist, I would make a playlist.
Only way I avoid this is to close and restart the program after each file is played.
Apart from that, it’s one of the best programs on any platform/OS.
@SlightlyAnnoyed: “VLC needs to stop adding every file it plays to its playlist.”
This is really the only complaint I have about VLC. It seems to be a fairly common practice in media players overall, and I don’t understand why.
There’s nothing like MPC-BE right now for UI and features and Windows-specific optimizations. It even uses VLC’s AV1 decoder.
MPC-BE FTW, vlc has a few other options but that ui is terrible. Its been years since i installed it, does it still inject that ridiculous traffic cone onto all your media?
” Its been years since i installed it” ?
Who installs anything (apart from security software) and why ?
Use portable.
70% of my software is portable like MPC-BE. Feel better now?
@ilev:
I install software. I tend to dislike portable versions, although I do use them in certain specific circumstances.
I hope they have finally fixed the error message freeze loop when file is missing/have been removed from folder location, but still in the players list, it’s a 7 years old bug they haven’t been able to fix and I just some day ago had to look it up (again).
Some info on the matter:
https://forum.videolan.org/viewtopic.php?t=148232
https://trac.videolan.org/vlc/ticket/5901
ps. Just checking again using v4.0 it appears to have disappeared after reinstalling it, that was odd, but as one of the comments in the big post pointed out, it’s not there in v4.0, otherwise it feels very stable under Linux.
Still Chromecast icon isnt showing !!!!!!
If you want something more modern on a Mac then IINA is the way to go.
Great VLC alternative IMO.
https://iina.io
Pot Player. Very customizable, plays anything well, never crashes and can be extended a hundred ways.
We used MPC, then MPC-HC for years until MPC-HC started to become flaky on Win 10, especially with 4K videos. Version 1.8.6 seems, at least subjectively, to play 4K and most all else a bit clearer than Pot Player but can’t keep it running long enough to really decide.
I’ve tried many video players; the incomprehensible ones that were around during MPC’s early days and newer ones such as M Player, SM Player and VLC and can’t see any reason to leave Pot Player.
Interfaces don’t matter to me much as long as common functions are easy to access and a player can be customized. A decade of MPC’s wayback machine interface was a pleasure; VLC’s orange cone is weird though, reminds me of Tux Cart for some reason.
It must utterly confuse and perplex microsoft, facebook, google, et al, that VLC isn’t loaded with tracking, telemetry, PUPs and other privacy violating elements, doesn’t demand you “sign-in†to use it, doesn’t pop-up offers you may be interested in, doesn’t install candy crush saga, doesn’t reset all your settings to the worst options with every upgrade, doesn’t tell other people you’re using the software, isn’t a 25GB download, doesn’t require an active internet connection to use it.
VLC, 7-Zip; two fantastic programs which do nothing but to put the end-user in control. It is sad to see so many kids wanting to change this in return of some telemetry ridden, buggy and bloated alternatives. . . because these programs look and fucntion the same as they did a decade or more ago..? As if this would be a negative aspect. smh
I bet someone somehwere is complaining about the wheel being circular and it is squeezing its uni-neuron to “engineer” a triangular one. Because the circular one is old by now and 3500BC are calling wanting their design back.
VLC? Buggy and Confusing (Options within options…).
MPC-BE, MPC-HC, and Pot Player.
VLC Skins:
VLT DeepDark
https://addons.videolan.org/p/1008199/#files-panel
I have resisted using VLC for years because of the ugly cone.I installed it recently and did not associate the player with any extensions and voila,no cone in sight.Also it works perfectly with chromecast.
I installed VLC at some point (maybe in Windows XP) and stuck with that for both audio and video for quite a while. A couple/few years ago, I switched to SMPlayer (in Windows 7) for video alone when I discovered that its video rendering and stability were *dramatically* superior to VLC’s (on my crappy old laptops with integrated graphics, at least). And that’s still where I am today, in both Windows 7 and Linux: VLC for audio and SMPlayer for video. (Oh, and I guess I use VLC for Android on my phone, but since I almost never watch video or listen to music on my phone, I don’t really care. If I traveled a lot more, maybe I would.)
But silly me; I almost forgot to mention the most important issue by far: the traffic cone icon. I don’t have a problem with it. It’s readily identifiable and it’s not unduly obnoxious, and that’s pretty much all I care about. As for VLC’s old-school standard GUI, I can find everything I need to find in if, which is more than I can say for a lot of “modern” GUIs (and for a lot of “aesthetically pleasing” skins, as well). Besides, for video at least, who cares? Most of us probably watch video full-screen anyway. I like VLC’s playlist behavior more than SMPlayer’s (especially in Linux), except for the fact that when you relaunch SMPlayer, it restores whatever playlist it was running when you closed it, sparing you the hassle of having to save and reopen a playlist file. That comes in handy if you’ve just been enqueuing stuff ad hoc for a one-off viewing or listening run.
I tried a clean version 4 for a while from the link your provided… What was that abomination of an UI? Couldn’t even find “docked playlist” and the fonts are as bad as if it was made for Linux only.
I had to go back to VLC 3.0.6, upgrading to 3.0.7 caused playback issues on my computer. Green bars showing the middle and the bottom of the screen, terrible audio. I will wait for 3.0.8. It’s friggin buggy at the moment, I hope they would fixed that issue.
Same problem as above poster. Have to uninstall 3.0.7 and use the last working version.
VLC 3.0.7.1 is available. Everything seems to work fine here.
Seems to have fixed a couple more bugs: https://www.videolan.org/developers/vlc-branch/NEWS
Serious vulnerabilities are found in “VideoLAN VLC media player 3.0.7.1”.
It is recommended to remove this application until the fixed version is released.
VLC Media Player Plagued By Unpatched Critical RCE Flaw | Threatpost |
https://threatpost.com/vlc-media-player-plagued-by-unpatched-critical-rce-flaw/146611/
‘Critical’ Security Flaw Discovered in VLC Media Player |
https://gizmodo.com/you-might-want-to-uninstall-vlc-immediately-1836641101
Vorsicht: Kritische Schwachstelle in aktueller Version des VLC Media Player | heise online |
https://www.heise.de/security/meldung/Vorsicht-Kritische-Schwachstelle-in-aktueller-Version-von-VLC-Media-Player-4475712.html
CERT warnt vor kritischer Schwachstelle im neuesten VLC Media Player – WinFuture.de |
https://winfuture.de/news,110171.html
NVD – CVE-2019-13615 |
https://nvd.nist.gov/vuln/detail/CVE-2019-13615
Kurzinfo CB-K19/0634 |
https://www.cert-bund.de/advisoryshort/CB-K19-0634
#22474 (heap-buffer-overflow on demux_sys_t::FreeUnused) – VLC |
https://trac.videolan.org/vlc/ticket/22474
About this topic, there is a most recent article by the following.
Confusion about a recently disclosed vulnerability in VLC Media Player – gHacks Tech News |
https://www.ghacks.net/2019/07/24/confusion-critical-vlc-media-player-vulnerability/
by Martin Brinkmann on July 24, 2019
@owl: Commendable caution, but hold your horses, pard! It looks like it was a false alarm:
‘Critical’ Security Flaw Discovered in VLC Media Player
https://gizmodo.com/you-might-want-to-uninstall-vlc-immediately-1836641101
* * *
[Update 8:35 AM] Based on a tweet by VideoLAN, VLC may not be as vulnerable as it initially appeared. VideoLAN says the “security issue†in VLC was caused by a third-party library called Libebml that was fixed 16 months ago, and that Mitre’s claim was based on a previous (and outdated) version of VLC.
[The tweet in question:]
About the “security issue” on #VLC : VLC is not vulnerable. tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago. VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim.
Thread: — VideoLAN (@videolan) July 24, 2019