VLC Media Player 1.1.9 closes security holes
The VideoLAN project has released version 1.1.9 of its VLC media player, the free open source cross-platform multimedia player for various audio and video formats. According to the developers, the tenth release of the 1.1.x branch of VLC is a maintenance and security update that addresses several issues found in the previous update from the end of March.
VLC 1.1.9 addresses a previously reported buffer overflow vulnerability when playing MP4/MPEG-4 files. An attacker could exploit this, for example, to execute arbitrary code on a user's system. For an attack to be successful, a user has to open a specially crafted media file. The latest release also updates the Libmodplug library (the ModPlug XMMS Plugin) for Windows and Mac OS X to correct a highly critical buffer overflow vulnerability that could have been exploited when users opened a specially crafted S3M file.
Other changes include fixes for more than a dozen Mac OS X interface bugs and the inclusion of the Growl notification software, as well as various translation and script updates. All users are advised to update as soon as possible.
Further details about the maintenance and security update can be found in the official release announcement and on the "What's new in 1.1.9" web page. VLC 1.1.9 is available to download for Windows, Mac OS X and Linux from the project's home page. VLC is released under version 2 of the GNU General Public License.
- Heap corruption in MP4 demultiplexer, security advisory from VideoLAN.