VLC Media Player Security Update

Martin Brinkmann
Apr 13, 2011
Updated • Dec 5, 2012
Security, Video

VLC Media Player is one of the most popular media players, next to Windows Media Player and MPlayer frontends. High popularity usually has the downside that criminals try to find and exploit security vulnerabilities in the software or service. Several of the most recent VLC updates were, or included, security updates that fixed previously discovered vulnerabilities in the application.

The developers of VLC released a new version of the program yesterday that patches another security vulnerability.

It took the VLC team less than five days to fix the vulnerability which was first disclosed on April 7. The security advisory on the Videolan web page describes the issue as a heap-based buffer overflow in the mp4 demuxer.

Workarounds have been posted on the same page; they are no longer necessary, however, as the issue is fixed by the VLC update to version 1.1.9.

The built-in update checker does not seem to recognize the new update yet, which means that VLC users need to download the update from the project's homepage and install it manually. Downloads for all supported operating systems are available on this page.

You can verify the version of VLC by clicking on Help > About in the program interface, or with the keyboard shortcut Shift-F1.

If you see VLC Media Player 1.1.8 there, you need to update the software. Manual update checks are available via Help > Check for Updates. It is likely that the developers will enable automatic updates soon.

VLC 1.1.9 also includes an update for libmodplug, which is security-related as well.




  1. Dave said on August 5, 2012 at 7:47 pm

    When I went to install, I noticed there is an EULA about OpenCandy, which I seem to remember Spybot rates as some sort of adware. There seems to be no option to avoid this, unlike the toolbar install options, which need to be kept an eye on if fully installing. Just Google it for more info.

    1. Martin Brinkmann said on August 5, 2012 at 8:25 pm

      Thanks for bringing this to my attention. So OpenCandy scans the PC for installed software to include an optional software offer during the installation? Do you know if the information is at any time transferred and recorded by the company?

      1. Dave said on August 5, 2012 at 8:37 pm

        Re. OpenCandy. I aborted the install when I saw this, so I’ve no idea how it works or what (if any) information is phoned home.

      2. Dave said on August 5, 2012 at 9:45 pm

        This article gives a bit more info:
        Seems to be a bit more pervasive than I first thought. There is a list of applications that stand accused of installing it, including some well-known names such as WinAmp.
        Also more here:
        SpyBot found it on one of my three machines but I’ve never seen anything happen that could be attributed to it, so allowed it to be deleted. Also found two OpenCandy folders on one other PC. One was empty and one contained a text file entitled “Why is this here?”, which I deleted but which gave more or less the same explanation as seen in their blurb.

      3. Martin Watson said on August 23, 2012 at 9:00 am

        Trying the cranialsoup link above gave me the following warning. It might be nothing but I thought I’d mention it. I didn’t proceed.

        “cranialsoup.blogspot.co.uk contains content from outtolunchjazz.blogspot.com, a site known to distribute malware. Your computer might catch a virus if you visit this site.
        Google has found that malicious software may be installed onto your computer if you proceed. If you’ve visited this site in the past or you trust this site, it’s possible that it has just recently been compromised by a hacker. You should not proceed. Why not try again tomorrow or go somewhere else?”

      4. Martin Brinkmann said on August 23, 2012 at 9:22 am

        Martin, thanks for bringing that to our attention. Could be a hacked site that is used for the purpose.

  2. Peter said on August 5, 2012 at 8:32 pm

    Note that .NET 4 is said to be required.

  3. jay said on August 5, 2012 at 8:47 pm

    I used this for the past 7 months and it works great and gets the job done. I love its interface and simplicity, and it is surely powerful if you check out their homepage or their unique features, which are an added bonus.

    1. Anonymous said on December 15, 2017 at 1:12 pm

      How fast does it burn a dvd once you pay? It takes at least 40 minutes for a movie right now before payment.

  4. Zeus said on August 6, 2012 at 3:38 am

    For those of you who want to avoid spyware and have more control over the DVD — yet still convert video files easily, check out DVD Flick. An open source program I’ve been using for years, no problem:


    1. Cornelis said on August 6, 2012 at 10:30 am

      Hey Martin, Zeus is right, DVD Flick is a first class program, I’ve been using it for years also and it works perfectly, no ad-ware and it’s open source.

      1. Martin Brinkmann said on August 6, 2012 at 10:48 am

        I have used DVD Flick for quite some time for that purpose. Recently, though, it would not start, throwing an error message instead, which I could not get resolved. That’s why I looked for alternatives and found this program to be quite good for the purpose.

  5. Mountainking said on August 6, 2012 at 7:00 am

    yo Martin, for my day to day job I use convertxtodvd which is great. As free software, this one seems good for friends and relatives. Does it include subs too while converting to DVD?

    1. Martin Brinkmann said on August 6, 2012 at 8:40 am

      Yes you can add subtitles for each video individually if you want.

  6. Noel said on August 6, 2012 at 1:10 pm

    I tried this program but it turned out that it messed up videos completely, like stretching or weird compression etc. The concept is great but above mentioned issues put me off.

  7. Nurai said on December 23, 2012 at 8:05 pm

    I did exactly what you said but when I played the dvd it didn’t have any audio. I’ve tried many different things, but it still doesn’t come with audio. Do you have any idea how to fix this?

  8. JI said on January 5, 2013 at 6:27 am

    If you can find an older version of Freemake Video Converter (older than but including ver. 2.3.4), it won’t have the OpenCandy stuff or nag you to install toolbars. It works great, you’ll just be missing the bleeding edge updates.

  9. Damien said on April 4, 2013 at 9:35 am

    If you want to install Freemake without the Candy ‘add-on’ then you need to install through command line using /nocandy extension. It will still show you the EULA for Candy but will not install it. If you don’t know what I’m talking about then probably best not do, but it does work, honest!

  10. Daniel said on November 27, 2013 at 4:55 am

    What does it mean if it says convert instead of burn?

    1. Martin Brinkmann said on November 27, 2013 at 9:57 am

      It means that the video format that you have needs to be converted before it can be burned.

  11. Paul said on August 15, 2018 at 11:03 am

    The earliest version of Freemake Video Converter I used was the version from January 2013.
    Can anyone please tell me about the Top Menu that was in use back then? Were there 3 options: Motion Menu, Text Only and No Menu? Basically I am wanting to find out if Text Only Menu was possible back then?
    I know that by March 2013 Freemake changed the style of their menus and Text Only was one option alongside coloured icon templates.

  12. Paul said on September 4, 2019 at 3:19 pm

    Nine times out of ten I can burn a full 5 hours of videos to the Freemake Video converter, and contrary to what others say, the finished results of copy quality are excellent!
    However, I occasionally come across a movie with very fast, or ‘busy’ imagery which comes out with tiny mosaic or pixelations. I am told this is a Bitrate problem(?)
    Is there any way I can alter the Bitrate to improve matters, please? (It is important to have approx. 5 hours on the disc, so I do not want to miss anything out.)
    Please tell me what to do and what kind of Bitrate figure I should need?

  13. Uncle Junior Soprano said on April 9, 2021 at 6:40 am

