An unscheduled maintenance release of the VLC media player, version 3.0.20, is available. It fixes a potential vulnerability (no CVE assigned) in the MMSH (Microsoft Media Server over HTTP) stream handler, where parsing malformed network packets leads to data being written to a memory area outside the buffer boundary. The vulnerability could theoretically be exploited when a user attempts to download content from a malicious server using an “mms://” URL.
In addition to the security fix, the new release also resolves the following issues:
- Crash on systems with some versions of drivers for AMD GPUs;
- Crash after an unsuccessful attempt to use the AV1 hardware decoder;
- Green bar appears during full-screen playback via D3D11 on Windows;
- Crashes when processing double-clicks with the mouse wheel;
- Toolbar disappears in full-screen mode on Windows.
Source: opennet.ru
