In association with heise online

03 January 2011, 12:56

Hole in VLC Media Player

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

VLC logo Virtual Security Research (VSR) has identified a vulnerability in VLC Media Player. In versions up to and including 1.1.5 of the VLC Media Player, specially crafted files can be used to inject code that will trigger a buffer overflow in the demultiplexer used for Real Media format files.

Potential victims need to explicitly open such a specially crafted file. Users have, therefore, been advised not to open files from unknown sources until the media player has been patched. As an alternative, the Real demuxer plug-in (libreal_plugin.*) can be removed from the VLC plugin directory. VLC Media Player 1.1.6 is said to be immune to the problem, but the Videolan developers have not yet released this version for Windows.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit