VLC Media Player plugs holes
For some time now, there have been several open security holes in VLC Media Player, MPlayer and Xine. The developers of VLC Media Player have now published Version 0.8.6f to close these holes in their product.
The current version eliminates the error in processing manipulated subtitle files that enabled attackers to smuggle in trojans. The vulnerability through which crafted real-time data streams were able to trigger a buffer overflow and execute infiltrated programming code has also been fixed. Version 0.8.6f also closes a hole through which manipulated files encoded with the Cinepak codec trigger a buffer overflow.
A non-security related bugfix is provided for users of the software under Mac OS X. The plug-in for Mozilla now registers some MIME types that VLC can process.
Since the vulnerabilities that the current version closes enable attackers to inject malicious code, VLC users should download and install the new version without delay.
- change log, overview of the changes between VLC 0.8.6e and 0.8.6f
- download of VLC Media Player 0.8.6f