In association with heise online

01 December 2008, 11:30

Another vulnerability in VLC media player

A vulnerability in VLC media player allows an attacker to write and execute arbitrary code via malformed RealMedia files. The victim would have to download and open a RealMedia file or visit a web site transmitting a specially crafted RealMedia stream.

The security advisory says the problem is caused by a heap overflow in modules\demux\real.c. An update to Version 0.9.7 should solve the problem. Alternatively, the Real demuxer plugin libreal_plugin.* can be removed manually from the VLC plugin installation directory.
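The manual workaround above, as an added shell example that is not taken from the advisory or the VLC project. It moves the matching files to a quarantine directory instead of deleting them, so they can be restored after updating. The plugin directory and quarantine directory are assumptions passed in by the caller, and the quarantine directory must lie outside the plugin tree.

```shell
#!/bin/sh
# Added example: take the Real demuxer plugin (libreal_plugin.*) out of a
# VLC plugin directory. Both directory arguments are assumptions; use the
# plugin directory of your own installation.

# Print every libreal_plugin.* file below the given directory.
# The pattern is exact, so other plugins whose names merely start with
# "libreal" are not matched.
find_real_demuxer() {
    find "$1" -type f -name 'libreal_plugin.*' 2>/dev/null
}

# Move the plugin into a quarantine directory, keeping its relative path.
# Returns 0 if it was moved, 1 if it was not present, 2 on error.
quarantine_real_demuxer() {
    plugin_dir=${1%/}
    quarantine_dir=$2
    [ -d "$plugin_dir" ] || { echo "no such directory: $plugin_dir" >&2; return 2; }

    matches=$(find_real_demuxer "$plugin_dir")
    [ -n "$matches" ] || { echo "libreal_plugin.* not present"; return 1; }

    mkdir -p "$quarantine_dir" || return 2
    # One path per line, so names containing spaces are handled.
    echo "$matches" | while IFS= read -r f; do
        rel=${f#"$plugin_dir"/}
        mkdir -p "$quarantine_dir/$(dirname "$rel")" &&
        mv -- "$f" "$quarantine_dir/$rel" &&
        echo "moved $rel"
    done || return 2

    # Confirm nothing matching is left where VLC would load it.
    [ -z "$(find_real_demuxer "$plugin_dir")" ] || return 2
    return 0
}
```

A return code of 1 on a later run is a quick check that the plugin has not reappeared, for example after a reinstall of a version older than 0.9.7.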

In view of the large number of critical vulnerabilities discovered in VLC recently, users should perhaps consider an alternative media player. Admittedly, VLC's network and streaming capabilities make it difficult to replace, but if you do not need these functions and only need a media player to play back films stored on your system, then an alternative player may be more suitable.
