VLC Media Player Security Update
VLC Media Player is one of the most popular media players, next to Windows Media Player and MPlayer frontends. A high popularity usually has the downside that criminals try to find and exploit security vulnerabilities in the software or service. Several of the most recent updates of VLC were or did include security updates that fixed previously discovered security vulnerability in the application.
The developers of VLC have released a new version of the program yesterday that patches another security vulnerability in the program.
It took the VLC team less than five days to fix the vulnerability which was first disclosed on April 7. The security advisory on the Videolan web page describes the issue as a heap-based buffer overflow in the mp4 demuxer.
Workarounds have been posted on the very same page, which are however no longer necessary as the issue is fixed by the VLC update to version 1.1.9.
The built-in update checker does not seem to recognize the new update yet, which means that VLC users need to download the update from the homepage of the project to install the program update manually. Downloads for all supported operating systems are available on this page.
You can verify the version of VLC by clicking on Help > About in the program interface, or with the keyboard shortcut Shift-F1.
If you see VLC Media Player 1.1.8 there you need to update the software. Manual update checks are available via Help > Check for Updates. It is likely that the developers will enable automatic updates soon.
VLC 1.1.9 includes an update for the libmodplug which is security related as well.
Advertisement
When I went to install, I noticed there is an EULA about OpenCandy, which I seem to remember Spybot rates as some sort of adware. There seems to be no option to avoid this, unlike the toolbar install options, which need to be kept an eye on if fully installing. Just Google it for more info.
Thanks for brining this to my attention. So Open Candy scans the PC for installed software to include an optional software offer during the installation? Do you know if the information are at any time transferred and recorded by the company?
Re. OpenCandy. I aborted the install when I saw this, so I’ve no idea how it works or what (if any) information is phoned home.
Further:
This article gives a bit more info:
http://cranialsoup.blogspot.co.uk/2009/05/opencandy-new-kind-of-adwarespyware.html
Seems to be a bit more pervasive than I first thought. There is a list of applications that stand accused of installing it, including some well-known names such as WinAmp.
Also more here:
http://en.wikipedia.org/wiki/OpenCandy
SpyBot found it on one of my three machines but I’ve never seen anything happen that could be attributed to it, so allowed it to be deleted. Also found two OpenCandy folders on one other PC. One was empty and one contained a text file entitled “Why is this here?”, which I deleted but gave, more-or-less the same explanation as seen in their blurb
Trying the cranialsoup link above gave me the following warning. It might be nothing but I thought I’d mention it. I didn’t proceed.
“cranialsoup.blogspot.co.uk contains content from outtolunchjazz.blogspot.com, a site known to distribute malware. Your computer might catch a virus if you visit this site.
Google has found that malicious software may be installed onto your computer if you proceed. If you’ve visited this site in the past or you trust this site, it’s possible that it has just recently been compromised by a hacker. You should not proceed. Why not try again tomorrow or go somewhere else?”
Martin thanks for bringing that to our attention. Could be a hacked site that is used for the purpose.
Note that .NET 4 is said to be required.
I used this for the past 7 months and it works great and gets the job done i love it’s interface and simplicity an it is surely powerful if you check out their homepage or their unique features which are an added bonus
How fast does it burn a dvd once you pay? It takes at least 40 minutes for a movie right now before payment.
For those of you who want to avoid spyware and have more control over the DVD — yet still convert video files easily, check out DVD Flick. An open source program I’ve been using for years, no problem:
http://www.dvdflick.net/
Hey Martin, Zeus is right, DVD Flick is a first class program, I’ve been using it for years also and it works perfectly, no ad-ware and its open source.
I have used DVD Flick for quite some time for that purpose. Recently though it would not start throwing an error message instead which I could not get resolved. That’s why I looked for alternatives and found this program to be quite good for the purpose.
yo Martin, for my day to day job I use convertxtodvd which is great. As free software, this one seems good for friends and relatives. Does it include subs too while converting to DVD?
Yes you can add subtitles for each video individually if you want.
I tried this program but it turned out that it messed up videos completely, like stretching or weird compression etc. The concept is great but above mentioned issues put me off.
I did exactly what you said but when I played the dvd it didn’t have any audio. I’ve tried many different things, but it still doesn’t come with audio. Do you have any idea how to fix this?
If you can find an older version of Freemake Video Converter (older than but including ver. 2.3.4), it won’t have the OpenCandy stuff or nag you to install toolbars. It works great, you’ll just be missing the bleeding edge updates.
If you want to install Freemake without the Candy ‘add-on’ then you need to install through command line using /nocandy extension. It will still show you the Eula for Candy but will not install it. If you dont know what i’m talking then probably best not do, but it does work, honest!
what does it mean if it says convert instead of burn
It means that the video format that you have needs to be converted before it can be burned.
The earliest version of Freemake Video Converter, I used was version 3.2.1.4 from January 2013.
Can any one please tell me about the Top Menu that was in use back then? Were there 3 options: Motion Menu; Text Only and No Menu ? Basically I am wanting to find out if Text Only Menu was possible back then?
I know that by March 2013 Freemake changed the style of their menu’s and Text Only was one option alongside coloured icon templates.
Nine times out of ten I can burn a full 5 hours of videos to the Freemake Video converter, and contrary to what others say, the finished results of copy quality are excellent!
However, I occasionally come across a movie with very fast, or ‘busy’ imagery which comes out with tiny Mosaic or pixilations. I am told this is a Bitrate problem(?)
Is there any way I can alter the Bitrate to improve matters, please? (It is important to have approx. 5 hours on the disc, so I do not want to miss anything out.)
Please tell me what to do and what kind of Bitrate figure I should need?
WHEN IT COMES TO BURNING THE VIDEOS TO A DVD, IT GOES THROUGH THE MOTIONS, BUT THE DVD NEVER GETS BURNT.