VLC Player Vulnerability

Torrentfreak are reporting that two vulnerabilities have been discovered in VLC Player which allow execution of arbitrary code. The second vulnerability has already been fixed in the newest version of VLC which is available for download on the developers homepage. The first vulnerability however can be exploited to cause stack-based buffer overflows when loading subtitles in VLC.

The solution given by the security company that discovered the vulnerability is to load only subtitles from trusted source or no subtitles at all until an official fix has been posted by the developers ov VLC.

Another option would be to switch to another player for the time being. SMPlayer, my favorite player, is another good choice which does not have this vulnerability.

Tags: Security, video players, vlc, vlc media player, vulnerability
Categories: Music and Video, Security, software

Related posts:

1. Real Player Internet Explorer vulnerability
2. Google Chrome Address Spoofing Vulnerability
3. Adobe Reader, Acrobat and Flash Player Zero Day Vulnerability
4. A VLC alternative called SMPlayer
5. Adobe Flash Player Clickjacking Vulnerability
6. SMPlayer Portable
7. SMPlayer 0.6.7 out
8. Windows Vulnerability Scanner

2 Responses to “VLC Player Vulnerability”

1. waldwicht says:

   March 19, 2008 at 1:24 pm

   Is there yet a way to avoid the “Pause”-lag?

   Reply
2. vance says:

   March 19, 2008 at 6:50 pm

   Also try MPC, I use 3 players VLC, SMplayer and MPC. Not every Player can actually play .avi files.

   Reply