5
votes
[SOLVED] I might switch my PC media player from VLC to something else due to potential data leaks. What other media player should I choose if I do so?
edit: Problem solved, davidb informed me about the vulnerability in version 3.0.4, and that it is fixed in the new version 3.0.6. Somehow Spyhunter thinks i still use 3.0.4, which in turn is the actual problem i had with Spyhunter, not VLC.
Spyhunter 5 has been bothering me about potential data leaks from vlc media player. The vulnerability is generally based on publicly available information.
It would be a shame if i have to switch, been using vlc for as long as i remember. It is probably the best media player out there, but i hate sharing my personal data in any way or form.
Spyhunter msg:
- Severity: Medium, VLC media player (Version 3.0.4)
- The CAF demuxer in modules/demux/cad.c in VideoLan media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in Caf files, because a ReadKukiChunk() cast converts a return value to an unsigned int, even if that value is negative. This could result in a denial of service and/or potential infoleak.
Is this even anything to care about? I have updated VLC including removing cashe and still get the alert. Is a rollback another option perhaps?
It's interesting that Spyhunter is picking up on that CVE. You should be completely fine. The vulnerability has already been fixed in the VLC code base and it looks like most OS packages starting with 3.0.6 include the patch to fix it. Make sure you are using the latest VLC (version 3.0.6) and if so, you can safely ignore that message. Even if you weren't, as long as you aren't opening CAF files, you have nothing to worry about with the current release.
https://www.cvedetails.com/cve/CVE-2018-19857/
ah, thank you. Somehow Spyhunter thinks i still have 3.0.4 installed when in actuality i have 3.0.6 installed.
I can suggest MPV or any libmpv based player, like mochi-player.
I came here to say MPV. I switched to MPV quite a while ago when I noticed VLC stuttering when decoding x265, and having other similar performance issues. It was probably something that could have been fixed had I spent a while googling, but instead I just wanted a nice player that could handle anything I wanted without any extra configuration or headache.
Anyway, that might have just been my noobery surrounding codec stuff rather than a fault with VLC, but I've enjoyed MPV a lot since then and have had no such performance issues.
I have never noticed VLC having any issues with x265... but I have experienced occasional stuttering with some high-bitrate MKVs (which a lot of older anime releases are in). Do you happen to know if MPV/libmpv fares any better handling them?
p.s. @firstname if you let me know what you want to title changed to, I can do it for you.
mpv has kinda taken over the spot that VLC / MPC + codec packs like CCCP held in the past in anime communities for being the default recommendation, partially for performance reasons and partially for having much better defaults. It's also where the shader fiends have been going hard, lmao.
I can't comment on your specific issue since I haven't dealt with shaderless / userscriptless performance issues in a long time anyway, but I think you have a good chance of it being better.
Thanks, in that case I will be sure to give it a try!
something like an edit telling that the problem has been solved. But maybe my own edit is enough? It does show under the title since i edited it at the top. Not sure how you guys want it done when it comes to "ask" threads.
I also already added a
solvedtopic tag... which combined with your topic text edit should be sufficient, IMO. But it's totally up to you and I can add it to the title as well, if you want.i agree, lets keep it this way. Thanks!
For macOS users, IINA is a faithfully-designed, open source macOS application that provides a very pretty wrapper around MPV. I thoroughly recommend it.
If you're still interested in alternatives, I'm a big fan of Media Player Classic.