【VideoLAN】VLC media player 29 (ﾜｯﾁｮｲ無し)

**名無しさん＠お腹いっぱい。** · 2019/07/25(木) 02:17:14.41

続報　再検証結果

#22474 closed defect (fixed)　heap-buffer-overflow on demux_sys_t::FreeUnused
https://trac.videolan.org/vlc/ticket/22474
Issue is too old libebml in Ubuntu 18.04: libebml 1.3.6 fixes this issue.
End of story: VLC is not vulnerable, whether this is 3.0.7.1 or even 3.0.4.
The issue is in a 3rd party library, and it was fixed in VLC binaries version 3.0.3, out more than one year ago...

1年以上前に3.0.3nightlyで対策済3.0.4安定版以降最新の3.0.7.1の脅威ではない