In association with heise online

06 November 2008, 11:53

New critical vulnerabilities in VLC media player


A security update for the open source VLC media player fixes two critical vulnerabilities. Buffer overflows, which can be exploited by an attacker to inject code into a system and execute it with the user's privileges, can occur when parsing CUE image files and RealText subtitle files. However, the user must open a crafted file for this to happen.

VLC versions 0.5.0 to 0.9.5 are affected. Updating to version 0.9.6 should fix the bugs. For Windows, however, the latest version currently available to download is the old version 0.9.4. Alternatively, users can remove the affected plugins, libvcd_plugin.* and libsubtitle_plugin.*, from the installation directory. According to the developers, patches for older versions are available from the "0.9-bugfix" branch of the repository.
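The version check and plugin workaround described above can be scripted as follows. This is an added example, not code from the article or from the VLC project; the function names and the way the version string and installation directory are passed in are assumptions.

```shell
#!/bin/sh
# Added example: check a VLC version against the affected range given in the
# article (0.5.0 to 0.9.5 inclusive) and list the two plugins it names.
# Nothing is deleted; the files are only reported.

# is_affected VERSION -> exit status 0 if VERSION is in 0.5.0..0.9.5.
# A trailing letter suffix (e.g. "0.8.6i") is ignored for the comparison.
is_affected() {
    printf '%s\n' "$1" | awk -F. '
        {
            sub(/[^0-9.].*$/, "", $0)          # drop suffix, fields re-split
            n = ($1 * 1000000) + ($2 * 1000) + $3
            exit !(n >= 5000 && n <= 9005)     # 0.5.0 -> 5000, 0.9.5 -> 9005
        }'
}

# find_affected_plugins DIR -> prints paths of libvcd_plugin.* and
# libsubtitle_plugin.* found anywhere under DIR (any file extension).
find_affected_plugins() {
    find "$1" -type f \
        \( -name 'libvcd_plugin.*' -o -name 'libsubtitle_plugin.*' \) \
        2>/dev/null | sort
}

# report VERSION DIR -> human-readable summary for one installation.
report() {
    if is_affected "$1"; then
        echo "VLC $1 is in the affected range (0.5.0 to 0.9.5)."
        plugins=$(find_affected_plugins "$2")
        if [ -n "$plugins" ]; then
            echo "Affected plugins still present under $2:"
            printf '%s\n' "$plugins"
        else
            echo "Neither affected plugin was found under $2."
        fi
    else
        echo "VLC $1 is outside the affected range."
    fi
}

# Run only when called with both arguments: script.sh VERSION INSTALL_DIR
if [ "$#" -ge 2 ]; then
    report "$1" "$2"
fi
```

Run it with the installed version and the VLC installation directory as the two arguments, for example `sh check_vlc.sh 0.9.4 /path/to/vlc`.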

The development team behind VLC have been forced to patch multiple security vulnerabilities over the last year, most of which could be exploited to infect a computer. This does not, however, appear to have dented the application's popularity.
