VLC Media Player Security Update

vlc update
Martin Brinkmann
Apr 13, 2011
Updated • Dec 5, 2012
Security, Video
|
4

VLC Media Player is one of the most popular media players, next to Windows Media Player and MPlayer frontends. A high popularity usually has the downside that criminals try to find and exploit security vulnerabilities in the software or service. Several of the most recent updates of VLC were or did include security updates that fixed previously discovered security vulnerability in the application.

The developers of VLC have released a new version of the program yesterday that patches another security vulnerability in the program.

It took the VLC team less than five days to fix the vulnerability which was first disclosed on April 7. The security advisory on the Videolan web page describes the issue as a heap-based buffer overflow in the mp4 demuxer.

Workarounds have been posted on the very same page, which are however no longer necessary as the issue is fixed by the VLC update to version 1.1.9.

The built-in update checker does not seem to recognize the new update yet, which means that VLC users need to download the update from the homepage of the project to install the program update manually. Downloads for all supported operating systems are available on this page.

You can verify the version of VLC by clicking on Help > About in the program interface, or with the keyboard shortcut Shift-F1.

If you see VLC Media Player 1.1.8 there you need to update the software. Manual update checks are available via Help > Check for Updates. It is likely that the developers will enable automatic updates soon.

VLC 1.1.9 includes an update for the libmodplug which is security related as well.

Advertisement

Related content

FBI Issues new alert over phishing SMS scam targeting highway toll customers
Windows 11 set up is automatically enabling OneDrive folder back up for users

Windows has an 8-year-old security issue that is exploited and known by Microsoft for some time

1Password password manager gets location support for faster access

LibreOffice: Windows vulnerability affects links in documents, patch available

There is a new PayPal Phishing Scam that you need to know about (using real PayPal emails)

Lexmark issues warning about critical security vulnerabilities in printer software

Tutorials & Tips

How to customize the settings in mpv

How to record any streaming video on the Internet

How to verify link targets before you click on links

Burn videos to DVD with Freemake Video Converter


Previous Post: «
Next Post: «

Comments

  1. Steven said on April 26, 2011 at 12:26 am
    Reply

    The AutoDJ software seems to be missing from already from the source forge site. The site shows no files found.

  2. Ken said on April 14, 2011 at 3:37 pm
    Reply

    As of now my version 1.1.8 The Luggage (??) reports as up to date

    1. Martin Brinkmann said on April 14, 2011 at 4:33 pm
      Reply

      Yes that is rather strange, considering that 1.1.9 has been released for a few days now.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Advertisement

Hot Discussions

Advertisement

Recently Updated

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2025 - All rights reserved