VLC 3.0.7 and below vulnurable to fake video files that can TAKE OVER YOUR WHOLE SYSTEM

Any decent package manager will update it, even automatically if you tell it to.

videolan.org/security/sa1901.html
videolan.org/security/sa1901.html
videolan.org/security/sa1901.html
videolan.org/security/sa1901.html
videolan.org/security/sa1901.html

This is legit.

3.0.6 and under users are waiting to be infected by a malicious video file.

Attached: barrel-monster-434x499-755052.jpg (434x499, 45K)

imagine boasting about updating software as your life's accomplishment

what's going on in your life, op?

Sounds like wintoddler shit.

>as your life's accomplishment
Funny, I don't see this in the OP. Enjoy getting infected, VLC user.

ok fag

It's a large cone.

>VLC

Attached: 1553214957650.jpg (450x444, 23K)

don't have this problem with mpc-hc

At this stage, I hope someone hacks my computer, so I can get a qt hacker gf

Don't care, I use Linus

>A remote user can create some specially crafted avi or mkv files that
Fuck I have torrented one .avi file and shitload of movies in .mkv can I somehow check these files if they contain embedded codes?

Attached: 1494791593618.png (394x397, 226K)

>absolute state of nu-Jow Forums

>t. VLCuck

>3.0.4
I only used it for occasionally checking compatibility with my releases.
MPC-HC master race.

Attached: Untitled.png (499x388, 10K)

hwo to get the fcolors to show up correctly in mpchc

>mpv
>last updated Oct 3, 2018

What's a fcolor?

>MPC-HC
Literally: Micro Penis C u c k - High Cunt

>I'm on 2.2.5.1
>browser going slow
>can't connect to some sites anymore

Attached: 1548449175393.jpg (199x199, 4K)

Not gonna update from 2.2.6 because the new interface looks like ass

Why aren't you blocking inbound & outbound executables you don't want connecting to or from in you firewall?

Attached: f4c.jpg (380x380, 37K)

this type of attack vector has existed since cavemen, just stay up to date

luckily i use fedora

how do shot web?

Attached: lul.png (373x368, 29K)

>Why don't they make it auto update like every other program that doesn't suck?
But they do? You just have to accept it

It just works

The Apple Macbook Pro with Retina Display doesn't have this problem.

I use VLC to watch streams, because it's lightweight and tends to perform pretty well.

Is that the thing where some videos play with really fucked up colors? Like purple/green/orange eyebleed shit? I fixed that by uninstalling KCP (and madVR) and just using MPC-BE by itself with whatever renderer shit it uses. It may just be madVR that needs updated but I haven't bothered since I don't watch a lot of movies or anime anyway.

are you tarted

Attached: Screenshot_20190624-065838_Firefox.jpg (1080x1036, 339K)

>I use VLC to watch streams, because it's lightweight and tends to perform pretty well.
So mpv but not as good, basically?

please tell me this only effects windows users?

All VLC users are being told to upgrade.

sure if you have autism

>achieve arbitrary code execution with the same privileges as of the target user on the system

So as long as I'm not root I'm good right? What can they do as a regular user?

VLC users are fucked if they torrent. Any mkv or avi can be maliciously crafted with no way to trigger AV.

pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/

Attached: Screenshot_2019-06-24 Double-Free RCE in VLC A honggfuzz how-to Pen Test Partners.png (697x276, 33K)

Run a local privilege escalation attack on your system, which depending on your OS and updates are a dime a dozen.

Delete and edit your files and info stored in your home directory

Man I'm glad I didn't listen to people who said to use VLC.

Attached: Screenshot_2019-06-24 VLC Media Player Can Be Exploited To Hack Your PC.png (682x136, 9K)

So basically, anybody can create a malicious stream link, get retards on Jow Forums who don't update VLC to click it, and cause a crash that gives them admin privileges?

HAHAHAHAHAHAAHAHAHAHAH

Or encrypt those files, good for people writing a thesis without backups.

but I was opening some weird porn hls streams yesterday...am i going to be ok?

Attached: 1530004899935.jpg (1030x1060, 160K)

imagine using freetard software LMAO

then download a superior player that is Jow Forums approved like mpc-hc or mpv

??

Attached: Program Manager.png (1302x858, 934K)

>today user learned about malformed files

I do fucking hate the interface of VLC 4 and I hope this shit will be optional.

Attached: Untitled.png (1573x944, 987K)

It's just that since the 3.XX versions came out, the Left-Right balance is out of true.
Voices are heard louder on the right channel than on the left if you're watching a video.
I tested this out on my two hardware wise totally different computers as well as on my wifes laptop and i also tested this under Linux Mint, macOS, Win7 and Win10.
The 2.XX versions don't have this problem.

>anti thread created by forever alone
You don't have the experience to make a valid recommendation, vlc is fine.

who the fuck uses vlc

IIRC, older versions had broken auto-updaters.

My trust.zone VPN stopped connecting, it just cuts my internet off and doesn't fully boot. Windscribe keeps kicking me off then reconnecting every 40-45 seconds. My connection and speed is perfect when I'm not running either. This happened just a few hours ago after I opened a fresh download. Have I been hacked?

Attached: 1559986024485.jpg (587x740, 66K)

downdetector.com/status/level3/map/

>using VPNs based in FVEY

No, pay me 500$ or I'll release the about your ''interesting'' porn taste to your family, friends and employer. You have 24 hours

I hate this laptop

Attached: 1555098610361.jpg (804x802, 85K)

Just download and install mpv.net, the best media player on Windows right now.

Attached: mpvnet4.0.png (1282x766, 13K)

Looks and works like vanilla mpv with the addition of having a context menu and better default keybindings.

Attached: Menu.png (1764x1417, 1.27M)

You can configure the settings either by command-line or editing the text file like vanilla mpv. It also includes a GUI for settings.

Attached: ConfEditor.png (2070x1485, 212K)

MPV's "UI" is fucking trash though.

Attached: Grigory Leps & Ani Lorak - Zerkala (Official Video)-EEw0zLn4pyU.mp4 - mpv.png (1320x797, 357K)

It can be integrated with Everything to search media files.

Attached: MediaSearch.png (1800x900, 125K)

Tell me user, if i enter the menu named"Video", "Audio" and Subtitle, can i then read the stuff i named the different video, sound and sub text files with?

I do name them on each movie or TV-Episode after Codec and bitrate they have.

>MPV's "UI" is fucking trash though.
That's literally all you need. You VLC fags like bloat.

Give mpv.net a try and see that even on default settings the video quality is better than VLC and MPC.

mpv-net.github.io/mpv.net-web-site/

Attached: mpvnet.png (256x256, 7K)

>have to literally shut down the program to adjust basic options like deinterlacing
eat shit and die, mpvtard

Looks fine to me

You can toggle deinterlacing by pressing d.

no

>the first high-severity vulnerability is a double-free
>The second high-risk flaw, (...) is a read-buffer overflow
>Cniles in Jow Forums still claim that memory bugs don't happen anymore and are unimportant
Hmmmmmmm

>Open Source software is secur-

PRIS11F3

update

Attached: 1556433849294.png (510x348, 19K)

>nu-Jow Forums literally defends a video player that has the same metro flat shit UI that Jow Forums also hates on Applel, Google, and Microsoft for

Attached: 1541739682970.png (500x737, 522K)

That UI is so fucking bad holy shit

>metro flat shit UI
imagine being this blind. you don't even know what that is. mpv doesn't have that.

have you seen VLC 4? there's your metro.

sorry my video player doesn't look like a toddler mobile interface bro.

Attached: 1552638629361.png (1292x914, 103K)

yes it does, and the funny thing is you can't update mpc anymore

>the funny thing is you can't update mpc anymore
it's been forked. I updated 3 weeks ago.

This. That's why you should use ffplay.

>lol it just werks! I still run VLC 2.9.1!!!
Try 2.2.1.

Attached: tH2Q2OF.jpg (480x480, 30K)

>check my version
>2.2.1
Seriously though, how fucked am I?

Attached: Capture2.png (760x415, 97K)

>not fire jailing your video player
heh

>vlc is already the newest version (3.0.4-2build1).
based apt

>What do retards on Jow Forums usually say about updating their video player again?
ppl say this about utorrent
not vlc

no it hasn't
some unused git page doesn't mean shit

2.2.8 chad reporting in
No plans to update to any version after this that's riddled with horrible ui scaling, I only use it for music

Attached: 2.2.8.png (744x378, 76K)

if you think vagina is not disgusting you're a virgin

>Very Lousy Code

Current version is 3.0.7.1

Consider yourself fooked, my beauty.