proudly powered by 3dfxzone.it |
News | Headlines | Ricerca |
|
VLC Media Player 3.0.7 |
We just released VLC 3.0.7, a minor update of VLC branch 3.0.x. This release is a bit special, because it has more security issues fixed than any other version of VLC. This high number of security issues is due to the sponsoring of a bug bounty program funded by the European Commission, during the FOSSA program. SeverityAccording to our scale, we have had 33 valid security issues fixed thanks to this program:
The 2 more important issues are an Out-of-Bound Write and a Stack Buffer Overflow. the Out-of-Bound Write is not in the VLC codebase, but in a dependency of VLC, the faad2 library, unmaintained, unfortunately. the Stack Buffer Overflow is a VLC 4.0-only issue in the new RIST module, and is therefore not impacting actual release of VLC. The medium security issues are mostly out-of-band reads, heap overflows, NULL-dereference and use-after-free security issues. Those issues should not be exploitable with ASLR, but are important anyway, because they can crash VLC. The low security issues are mostly integer overflow, division by zero, and other out-of-band reads with no actual impact. Those issues are not exploitable. |
Versione per desktop di unixzone.it
Copyright 2024 - unixzone.it - E' vietata la riproduzione del contenuto informativo e grafico. Note Legali. Privacy