• Most votes
  • Most comments
  • Newest
  • Activity
    1. edit: Problem solved, davidb informed me about the vulnerability in version 3.0.4, and that it is fixed in the new version 3.0.6. Somehow Spyhunter thinks i still use 3.0.4, which in turn is the...

      edit: Problem solved, davidb informed me about the vulnerability in version 3.0.4, and that it is fixed in the new version 3.0.6. Somehow Spyhunter thinks i still use 3.0.4, which in turn is the actual problem i had with Spyhunter, not VLC.

      Spyhunter 5 has been bothering me about potential data leaks from vlc media player. The vulnerability is generally based on publicly available information.
      It would be a shame if i have to switch, been using vlc for as long as i remember. It is probably the best media player out there, but i hate sharing my personal data in any way or form.

      Spyhunter msg:

      • Severity: Medium, VLC media player (Version 3.0.4)
        • The CAF demuxer in modules/demux/cad.c in VideoLan media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in Caf files, because a ReadKukiChunk() cast converts a return value to an unsigned int, even if that value is negative. This could result in a denial of service and/or potential infoleak.

      Is this even anything to care about? I have updated VLC including removing cashe and still get the alert. Is a rollback another option perhaps?

      5 votes