VLC Media Player Security Update

Martin Brinkmann
Apr 13, 2011
Updated • Dec 5, 2012
Security, Video

VLC Media Player is one of the most popular media players, next to Windows Media Player and MPlayer frontends. High popularity usually has the downside that criminals try to find and exploit security vulnerabilities in the software or service. Several of the most recent VLC updates were, or included, security updates that fixed previously discovered security vulnerabilities in the application.

The developers of VLC released a new version of the program yesterday that patches another security vulnerability.

It took the VLC team less than five days to fix the vulnerability, which was first disclosed on April 7. The security advisory on the VideoLAN web page describes the issue as a heap-based buffer overflow in the MP4 demuxer.

Workarounds have been posted on the very same page, but they are no longer necessary as the issue is fixed by the VLC update to version 1.1.9.

The built-in update checker does not seem to recognize the new update yet, which means that VLC users need to download the update from the homepage of the project to install the program update manually. Downloads for all supported operating systems are available on this page.

You can verify the version of VLC by clicking on Help > About in the program interface, or with the keyboard shortcut Shift-F1.

If you see VLC Media Player 1.1.8 there, you need to update the software. Manual update checks are available via Help > Check for Updates. It is likely that the developers will enable automatic updates soon.

VLC 1.1.9 also includes a security-related update for libmodplug.




  1. Steven said on April 26, 2011 at 12:26 am

    The AutoDJ software seems to be missing already from the SourceForge site. The site shows no files found.

  2. Ken said on April 14, 2011 at 3:37 pm

    As of now, my version 1.1.8 The Luggage (??) reports as up to date.

    1. Martin Brinkmann said on April 14, 2011 at 4:33 pm

      Yes, that is rather strange, considering that 1.1.9 has been released for a few days now.
