In association with heise online

03 April 2008, 15:07

VLC Media Player plugs holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

For some time now, there have been several open security holes in VLC Media Player, MPlayer and Xine. The developers of VLC Media Player have now published Version 0.8.6f to close these holes in their product.

The current version eliminates the error in processing manipulated subtitle files that enabled attackers to smuggle in trojans. The vulnerability through which crafted real-time data streams were able to trigger a buffer overflow and execute infiltrated programming code has also been fixed. Version 0.8.6f also closes a hole through which manipulated files encoded with the Cinepak codec trigger a buffer overflow.

A non-security related bugfix is provided for users of the software under Mac OS X. The plug-in for Mozilla now registers some MIME types that VLC can process.

Since the vulnerabilities that the current version closes enable attackers to inject malicious code, VLC users should download and install the new version without delay.

See also:

  • change log, overview of the changes between VLC 0.8.6e and 0.8.6f
  • download of VLC Media Player 0.8.6f


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit