VLC Media Player 1.1.5 fixes Windows vulnerability
The VideoLAN Project developers have announced the release of version 1.1.5 of their VLC Media Player, a free open source cross-platform multimedia player for various audio and video formats. The latest maintenance and security update includes various translation updates, several bug fixes and addresses a Windows only security issue.
According to the developers, VLC 1.1.5 addresses a stack smashing vulnerability in Samba access on Windows systems that could lead to the execution of arbitrary code on a victim's system. For an attack to be successful, a victim must first open a specially crafted file or connect to a remote network directory that contains malicious code. All versions of VLC up to 1.1.4 are reportedly affected. Other changes in the release include rewritten Game Music Emu support, the integration of a new list of web shows from channels.com and fixes for WebM live streams and H.264 playback hardware decoding using Intel GPU on Windows systems. All users are encouraged to upgrade to the latest release.
More information about the release, including a full list of changes, can be found in the official release announcement and on the What's new in 1.1.5 page. VLC 1.1.5 is available to download from the project's home page and is released under version 2 of the GNU General Public License (GPLv2).
- Stack smashing in Samba access, security advisory from the VideoLAN Project.