Partager à toutes et tous (enfin ceux que ça intéresse) ce que je note sur le net

Aller au contenu | Aller au menu | Aller à la recherche

Vous avez VLC version < 3.0.7 ? Mettez à jour !

Le site officiel parce qu'il traine des fake à la con.

Je cite:

That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities, besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks.

Et les explication chez VLC (Affected versions : VLC media player 3.0.6 and earlier)


A remote user can create some specially crafted avi or mkv files that, when loaded by the target user, will trigger a heap buffer overflow (read) in ReadFrame (demux/avi/avi.c), or a double free in zlib_decompress_extra() (demux/mkv/utils.cpp) respectively


If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user.

Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer vlc-media-player-hacking.jpg

Note: je vais poster plus de 3 Tranches par jour ces prochains temps, j'ai un peu trop de trucs dans ma liste "à poster"