[www-doc] [Git][VideoLAN.org/websites][master] security: add bulletins for VLC 3.0.21 and VLC-iOS 3.5.9

Jean-Baptiste Kempf (@jbk) gitlab at videolan.org
Mon Jun 10 13:15:40 UTC 2024



Jean-Baptiste Kempf pushed to branch master at VideoLAN organization / websites


Commits:
55e1b613 by Felix Paul Kühne at 2024-06-10T13:37:58+02:00
security: add bulletins for VLC 3.0.21 and VLC-iOS 3.5.9

- - - - -


3 changed files:

- www.videolan.org/security/index.php
- + www.videolan.org/security/sb-vlc-ios359.php
- + www.videolan.org/security/sb-vlc3021.php


Changes:

=====================================
www.videolan.org/security/index.php
=====================================
@@ -19,6 +19,17 @@
     <div class="col-md-6">
         <h2>VLC releases Security Bulletins <em>(SB)</em></h2>
            <p>Those bulletins are related to each VLC release and can be made of multiple security issues, internal and external.</p>
+           <h3>2024</h3>
+           <dl>
+           <dt>VideoLAN-SB-VLC-321</dt>
+           <dd>Vulnerability fixed in VLC media player 3.0.21
+            <a href="sb-vlc3021.html">Details</a>
+           </dd>
+           <dt>VideoLAN-SB-VLC-iOS-359</dt>
+           <dd>Vulnerability fixed in VLC-iOS 3.5.9
+            <a href="sb-vlc-ios359.html">Details</a>
+           </dd>
+           </dl>
            <h3>2023</h3>
            <dl>
            <dt>VideoLAN-SB-VLC-320</dt>
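Review bot: the advisory ID in the new `<dt>` reads `VideoLAN-SB-VLC-321`, but the bulletin added in sb-vlc3021.php in this same commit declares `ID : VideoLAN-SB-VLC-3021`, and the 2023 entry directly below uses `VideoLAN-SB-VLC-320` for 3.0.20; pick one scheme and make the index entry and the bulletin agree, otherwise anyone searching by advisory ID finds only one of the two. Both new `Details` links also point at `sb-vlc3021.html` and `sb-vlc-ios359.html` while the files added by this commit are `.php`; confirm that the existing 2023 entries use the same `.html` form and that the server rewrite covers it, or the links will not resolve.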


=====================================
www.videolan.org/security/sb-vlc-ios359.php
=====================================
@@ -0,0 +1,53 @@
+<?php
+   $title = "VideoLAN Security Bulletin VLC-iOS 3.5.9";
+   $lang = "en";
+   $menu = array( "vlc" );
+   $body_color = "red";
+   require($_SERVER["DOCUMENT_ROOT"]."/include/header.php");
+?>
+
+
+<div id="fullwidth">
+
+<h1>Security Bulletin VLC-iOS 3.5.9</h1>
+<pre>
+Summary           : Vulnerability fixed in VLC media player
+Date              : June 2024
+Affected versions : VLC-iOS 3.5.7 and earlier
+ID                : VideoLAN-SB-VLC-iOS-359
+</pre>
+
+<h2>Details</h2>
+<p>A potential path traversal via the included WiFi File Sharing feature could be used for arbitrary data uploads by malicious parties on the local network to storage locations invisible to the user within the application context.</p>
+
+<h2>Impact</h2>
+<p>If successful, a malicious third party could trigger a denial-of-service of the device to due exceeeded storage space or implications of existance of arbitrary data. No read access was possible to third party. No write access outside the application container was possible.</p>
+<p>We have not seen exploits through this vulnerability.</p>
+<p>The tvOS port of the app was not affected.</p>
+<br />
+
+<h2>Threat mitigation</h2>
+<p>Exploitation of this issue requires the user to explicitly start WiFi File Sharing on a local network with potential malicious actors.</p>
+
+<h2>Workarounds</h2>
+<p>The user should refrain from enabling WiFi File sharing on local networks with potential malicious actors until the update is installed.</p>
+
+<h2>Solution</h2>
+<p>VLC-iOS <b>3.5.9</b> addresses the issue.</p>
+
+<h2>Credit</h2>
+<p>Reported by Allar Lauk of TalTech University (Estonia)</p>
+
+<h2>References</h2>
+<dl>
+<dt>The VideoLAN project</dt>
+<dd><a href="//www.videolan.org/">http://www.videolan.org/</a>
+</dd>
+<dt>VLC-iOS GIT repository</dt>
+<dd><a href="https://code.videolan.org/videolan/vlc-ios.git">https://code.videolan.org/videolan/vlc-ios.git</a>
+</dd>
+</dl>
+
+</div>
+
+<?php footer('$Id$'); ?>
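Review bot: the `Affected versions` line says `VLC-iOS 3.5.7 and earlier` while the Solution names 3.5.9 as the fixed release, which leaves the status of 3.5.8 unstated; either list it as affected or say why it is not. The `Summary` line reads `Vulnerability fixed in VLC media player`, i.e. the desktop product; `VLC-iOS` would match the title and the ID. The Impact paragraph carries several typos: `to due exceeeded` should be `due to exceeded`, `existance` should be `existence`, and `No read access was possible to third party` wants an article (`to a third party`). Minor: `WiFi File Sharing` in Details vs `WiFi File sharing` in Workarounds, and the Credit line has no closing period.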


=====================================
www.videolan.org/security/sb-vlc3021.php
=====================================
@@ -0,0 +1,53 @@
+<?php
+   $title = "VideoLAN Security Bulletin VLC 3.0.21";
+   $lang = "en";
+   $menu = array( "vlc" );
+   $body_color = "red";
+   require($_SERVER["DOCUMENT_ROOT"]."/include/header.php");
+?>
+
+
+<div id="fullwidth">
+
+<h1>Security Bulletin VLC 3.0.21</h1>
+<pre>
+Summary           : Vulnerability fixed in VLC media player
+Date              : June 2024
+Affected versions : VLC media player 3.0.20 and earlier
+ID                : VideoLAN-SB-VLC-3021
+</pre>
+
+<h2>Details</h2>
+<p>A denial of service through a potential integer overflow could be triggered with a maliciously crafted mms stream (heap based overflow)</p>
+
+<h2>Impact</h2>
+<p>If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user.</p>
+<p>While these issues in themselves are most likely to just crash the player, we can't exclude that they could be combined to leak user informations or remotely execute code. ASLR and DEP help reduce the likelyness of code execution, but may be bypassed.</p>
+<p>We have not seen exploits performing code execution through this vulnerability.</p>
+<br />
+
+<h2>Threat mitigation</h2>
+<p>Exploitation of those issues requires the user to explicitly open a maliciously crafted mms stream.</p>
+
+<h2>Workarounds</h2>
+<p>The user should refrain from opening mms streams from untrusted third parties (or disable the VLC browser plugins), until the patch is applied.</p>
+
+<h2>Solution</h2>
+<p>VLC media player <b>3.0.21</b> addresses the issue.</p>
+
+<h2>Credits</h2>
+<p>Reported by Andreas Fobian of Mantodea Security GmbH</p>
+
+<h2>References</h2>
+<dl>
+<dt>The VideoLAN project</dt>
+<dd><a href="//www.videolan.org/">http://www.videolan.org/</a>
+</dd>
+<dt>VLC official GIT repository</dt>
+<dd><a href="https://code.videolan.org/videolan/vlc.git">https://code.videolan.org/videolan/vlc.git</a>
+</dd>
+</dl>
+
+</div>
+
+<?php footer('$Id$'); ?>
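Review bot: the Details sentence mixes the consequence with the cause: it opens with `A denial of service through a potential integer overflow` and then appends `(heap based overflow)` in parentheses, while the Impact section goes on to say that code execution cannot be excluded; state the root cause once (an integer overflow leading to a heap-based buffer overflow when handling an MMS stream) and let Impact carry the crash-versus-code-execution discussion. The `ID : VideoLAN-SB-VLC-3021` line does not match the `VideoLAN-SB-VLC-321` entry added to index.php in this commit. Typos: `arbitratry` (arbitrary), `likelyness` (likelihood), `informations` (information), and `mms` should be written `MMS` as the protocol name. `Impact` and `Threat mitigation` speak of `these issues` / `those issues` in the plural although the bulletin describes a single vulnerability, and the heading is `Credits` here but `Credit` in sb-vlc-ios359.php; align the two.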



View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/-/commit/55e1b613fe572c9fc044c7da357b200cb410406b
