VLC update fixes critical hole
A security advisory recently published by Core Security Technologies has noted that VLC version 0.9.3 fixed a critical security hole in the multimedia player. Since the update, the VideoLAN project has also released version 0.9.4.
Up to version 0.9.2, specially crafted XSPF playlists can cause a buffer overflow and allow arbitrary code to be injected and executed. Several critical security problems in the code of the open source projects have emerged in the last few month. Users of older versions of VLC are advised to update to the current version as soon as possible.
See also:
- VLC media player XSPF Memory Corruption, security advisory by Core Security Technologies
- VLC media player, homepage and downloads for latest VLC
(djwm)