VLC Media Player 3.0.8 is a security update

Martin Brinkmann
Aug 19, 2019
Music and Video
|
29

VideoLAN, the organization behind one of the most popular media players VLC Media Player, released VLC Media Player 3.0.8 today.

VLC Media Player 3.0.8 is a security update that patches a total of 13 different security issues in the client.  The update is not related to a recently disclosed vulnerability that a too eager researcher attributed to VLC Media Player. It turned out that VLC was not vulnerable but that the researcher ran an older version of Ubuntu.

The update is not picked up yet by the player's automatic update function nor is it listed on the official VideoLAN website. It is available on the official Download VideoLAN download site for all supported operating systems, however.

vlc media player 3.0.8

You may download the new release and install it over the old. Whether you will do that right away or wait for the official release notification by VideoLAN is up to you. Cautious users may want to wait for the official announcement to download the new version either from the VideoLAN website or by using the application's integrated updater.

The new version of VLC patches the following issues in previous versions of the client application.

  • Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
  • Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
  • Fix a read buffer overflow in the FAAD decoder
  • Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
  • Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
  • Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
  • Fix a use after free in the ASF demuxer (CVE-2019-14533)
  • Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
  • Fix a null dereference in the dvdnav demuxer
  • Fix a null dereference in the ASF demuxer (CVE-2019-14534)
  • Fix a null dereference in the AVI demuxer
  • Fix a division by zero in the CAF demuxer (CVE-2019-14498)
  • Fix a division by zero in the ASF demuxer (CVE-2019-14535)

You may look up the vulnerabilities with CVE IDs, e.g. on https://cve.mitre.org/. Note that the issues are not available to the public at the time of writing.

VLC Media Player 3.0.8 is a security update first and foremost. The update makes other a handful of other non-security related changes as well:

  • Core: Fix stuttering for low framerate videos
  • Demux: Fix glitches in TS over HLS
  • Demux: Add real probing of HLS streams
  • Demux: Fix HLS MIME type fallback
  • Misc: Update Youtube script
  • Audio Output: Fix stuttering or blank audio when starting or seeking when using
    external audio devices (bluetooth for example)
  • Audio Output: Fix AV synchronization when using external audio devices on Mac OS.
  • Stream Output: Fix transcoding when the decoder does not set the chroma

Work on VLC Media Player 4.0 continues meanwhile as well.

Now You: When you do install security updates for your applications? (via Deskmodder)

Summary
VLC Media Player 3.0.8 is a security update
Article Name
VLC Media Player 3.0.8 is a security update
Description
VideoLAN, the organization behind one of the most popular media players VLC Media Player, released VLC Media Player 3.0.8 today.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Anonymous said on August 1, 2010 at 12:43 pm
    Reply

    Why not make use of the mplayer.conf?

  2. Mike J said on August 1, 2010 at 2:58 pm
    Reply

    Huh, I have never even seen this “font cache” pane; videos play at once for me, using VLC & XP SP3.

    1. Martin said on August 1, 2010 at 3:39 pm
      Reply

      Mike, in theory this should have only been displayed once to you, at the very first video that you played with VLC. The time this window is displayed depends largely on the number of fonts in your font directory.

      1. Mike J said on August 2, 2010 at 2:30 pm
        Reply

        huh, I lucked out for a change?? Amazing!!
        Apparently VLC keeps this info through version updates, but I didn’t see this message after a fresh OS install about 8 weeks ago, & a new VLC.

  3. myo said on August 1, 2010 at 5:52 pm
    Reply

    yes, yes, i have the same problem. sometimes, VLC crashes when it is playing .mov file.

  4. Kishore said on August 13, 2010 at 2:55 pm
    Reply

    Error:
    Buidling font Cache pop-up

    Solution:

    Open VLC player.

    On Menu Bar:

    Tools
    Preferences

    (at bottom – left side)
    Show settings — ALL

    Open: Video
    Click: Subtitles/OSD (This is now highlited, not opened)
    Text rendering module – change this to “Dummy font renderer function”

    Save
    Exit

    Re-open – done.
    Progam will no longer look outside self for fonts

    Source – WorthyTricks.co.cc

    1. Martin said on August 13, 2010 at 3:10 pm
      Reply

      Great tip, thanks a lot Kishore.

  5. javier said on August 14, 2010 at 1:50 pm
    Reply

    @Kishore, I’ll try your tips, but does this mean it will no longer show subtitles either?
    I do use subtitles, but the fontcache dialog box pops up (almost) everytime I play a file.

    Could this be related to the fonts I have installed? Or if I add/remove fonts to my system?

    I’ll try to do a fresh install also, if your tips does no work. I’ll post back here later…

    /thanks
    /j

  6. Kishore said on August 15, 2010 at 12:38 pm
    Reply

    @ Javier, The trick i posted will show up subtitles too. If not,

  7. Kishore said on August 15, 2010 at 12:39 pm
    Reply

    @ Javier, The trick i posted will show up subtitles too. If not,Dont worry, VLC is currently sorting out this issue and the next version will be out soon.

    No probs @ Martin !! Its my pleasure

  8. Ted said on October 22, 2010 at 3:57 am
    Reply

    Try running LC with administrator privileges. That seemed to fix it for me

  9. Evan said on December 8, 2013 at 1:48 am
    Reply

    I am using SMplayer 0.8.6 (64-bit) (Portable Edition) on Windows 7 x64. Even with the -nofontconfig parameter in place SMplayer still scans the fonts. Also, I have enabled normal subtitles and it is still scanning fonts before playing a video. Also, it does this every time the player opens a video after a system restart (only the fist video played).

  10. Mike Williams said on September 6, 2023 at 1:26 pm
    Reply

    Does that mean that only instrumental versions of songs will be available for non-paying users?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.