VLC Media Player 3.0.8 is a security update

VideoLAN, the organization behind one of the most popular media players VLC Media Player, released VLC Media Player 3.0.8 today.
VLC Media Player 3.0.8 is a security update that patches a total of 13 different security issues in the client. The update is not related to a recently disclosed vulnerability that a too eager researcher attributed to VLC Media Player. It turned out that VLC was not vulnerable but that the researcher ran an older version of Ubuntu.
The update is not picked up yet by the player's automatic update function nor is it listed on the official VideoLAN website. It is available on the official Download VideoLAN download site for all supported operating systems, however.
You may download the new release and install it over the old. Whether you will do that right away or wait for the official release notification by VideoLAN is up to you. Cautious users may want to wait for the official announcement to download the new version either from the VideoLAN website or by using the application's integrated updater.
The new version of VLC patches the following issues in previous versions of the client application.
- Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
- Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
- Fix a read buffer overflow in the FAAD decoder
- Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
- Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
- Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
- Fix a use after free in the ASF demuxer (CVE-2019-14533)
- Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
- Fix a null dereference in the dvdnav demuxer
- Fix a null dereference in the ASF demuxer (CVE-2019-14534)
- Fix a null dereference in the AVI demuxer
- Fix a division by zero in the CAF demuxer (CVE-2019-14498)
- Fix a division by zero in the ASF demuxer (CVE-2019-14535)
You may look up the vulnerabilities with CVE IDs, e.g. on https://cve.mitre.org/. Note that the issues are not available to the public at the time of writing.
VLC Media Player 3.0.8 is a security update first and foremost. The update makes other a handful of other non-security related changes as well:
- Core: Fix stuttering for low framerate videos
- Demux: Fix glitches in TS over HLS
- Demux: Add real probing of HLS streams
- Demux: Fix HLS MIME type fallback
- Misc: Update Youtube script
- Audio Output: Fix stuttering or blank audio when starting or seeking when using
external audio devices (bluetooth for example) - Audio Output: Fix AV synchronization when using external audio devices on Mac OS.
- Stream Output: Fix transcoding when the decoder does not set the chroma
Work on VLC Media Player 4.0 continues meanwhile as well.
Now You: When you do install security updates for your applications? (via Deskmodder)


Why not make use of the mplayer.conf?
Huh, I have never even seen this “font cache” pane; videos play at once for me, using VLC & XP SP3.
Mike, in theory this should have only been displayed once to you, at the very first video that you played with VLC. The time this window is displayed depends largely on the number of fonts in your font directory.
huh, I lucked out for a change?? Amazing!!
Apparently VLC keeps this info through version updates, but I didn’t see this message after a fresh OS install about 8 weeks ago, & a new VLC.
yes, yes, i have the same problem. sometimes, VLC crashes when it is playing .mov file.
Error:
Buidling font Cache pop-up
Solution:
Open VLC player.
On Menu Bar:
Tools
Preferences
(at bottom – left side)
Show settings — ALL
Open: Video
Click: Subtitles/OSD (This is now highlited, not opened)
Text rendering module – change this to “Dummy font renderer function”
Save
Exit
Re-open – done.
Progam will no longer look outside self for fonts
Source – WorthyTricks.co.cc
Great tip, thanks a lot Kishore.
@Kishore, I’ll try your tips, but does this mean it will no longer show subtitles either?
I do use subtitles, but the fontcache dialog box pops up (almost) everytime I play a file.
Could this be related to the fonts I have installed? Or if I add/remove fonts to my system?
I’ll try to do a fresh install also, if your tips does no work. I’ll post back here later…
/thanks
/j
@ Javier, The trick i posted will show up subtitles too. If not,
@ Javier, The trick i posted will show up subtitles too. If not,Dont worry, VLC is currently sorting out this issue and the next version will be out soon.
No probs @ Martin !! Its my pleasure
Try running LC with administrator privileges. That seemed to fix it for me
I am using SMplayer 0.8.6 (64-bit) (Portable Edition) on Windows 7 x64. Even with the -nofontconfig parameter in place SMplayer still scans the fonts. Also, I have enabled normal subtitles and it is still scanning fonts before playing a video. Also, it does this every time the player opens a video after a system restart (only the fist video played).
Does that mean that only instrumental versions of songs will be available for non-paying users?