GStreamer 1.16.0 Framework to Rolled Out

It's a cross-platform set of components for creating a wide range of multimedia applications, like media players or audio/video file converters, to VoIP apps
22 April 2019   475

After more than a year of development, GStreamer 1.16 was released. It is the C written cross-platform set of components for creating a wide range of multimedia applications, from media players and audio / video file converters, to VoIP applications and streaming systems. The GStreamer code is distributed under the LGPLv2.1 license.

Updates for the plug-ins gst-plugins-base, gst-plugins-good, gst-plugins-bad, gst-plugins-ugly, as well as the gst-libav to 1.16 is available. At the API and ABI level, the new release is backward compatible with branch 1.0. Binary assemblies will soon be prepared for Android, iOS, macOS and Windows (Linux is recommended to use packages from the distribution).

It has a lot of updates and improvements. For example, hidden subtitles support, optimization improvements and much more. Get more info at email archive

Two Vulnerabilities to be Found at SDL

Two of six serious vulnerabilities in this cross-platform multimedia library create conditions for remote code execution.
04 July 2019   955

The SDL (Simple Direct Layer) library set, which provides tools for hardware accelerated 2D and 3D graphics rendering, input processing, audio playback, 3D output via OpenGL / OpenGL ES, and many other related operations, revealed 6 vulnerabilities. Including in the SDL2_image library, two problems have been discovered that allow organizing remote code execution in the system. Attacks can be made on applications that use SDL to load images.

Both vulnerabilities (CVE-2019-5051, CVE-2019-5051) are present in the IMG_LoadPCX_RW function and are caused by the lack of the necessary error handler and integer overflow that can be exploited through the transfer of a specially crafted PCX file. Issues have already been fixed in the SDL_image 2.0.5 release. Information about the remaining 4 vulnerabilities has not yet been disclosed.

Vulnerabilities were found by Talos, so you can find more info at their website.