VLC Media Player Security Update - gHacks Tech News

VLC Media Player Security Update

VLC Media Player is one of the most popular media players, next to Windows Media Player and MPlayer frontends. A high popularity usually has the downside that criminals try to find and exploit security vulnerabilities in the software or service. Several of the most recent updates of VLC were or did include security updates that fixed previously discovered security vulnerability in the application.

The developers of VLC have released a new version of the program yesterday that patches another security vulnerability in the program.

It took the VLC team less than five days to fix the vulnerability which was first disclosed on April 7. The security advisory on the Videolan web page describes the issue as a heap-based buffer overflow in the mp4 demuxer.

Workarounds have been posted on the very same page, which are however no longer necessary as the issue is fixed by the VLC update to version 1.1.9.

The built-in update checker does not seem to recognize the new update yet, which means that VLC users need to download the update from the homepage of the project to install the program update manually. Downloads for all supported operating systems are available on this page.

You can verify the version of VLC by clicking on Help > About in the program interface, or with the keyboard shortcut Shift-F1.

vlc update

If you see VLC Media Player 1.1.8 there you need to update the software. Manual update checks are available via Help > Check for Updates. It is likely that the developers will enable automatic updates soon.

VLC 1.1.9 includes an update for the libmodplug which is security related as well.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Ken said on April 14, 2011 at 3:37 pm
    Reply

    As of now my version 1.1.8 The Luggage (??) reports as up to date

    1. Martin Brinkmann said on April 14, 2011 at 4:33 pm
      Reply

      Yes that is rather strange, considering that 1.1.9 has been released for a few days now.

  2. Steven said on April 26, 2011 at 12:26 am
    Reply

    The AutoDJ software seems to be missing from already from the source forge site. The site shows no files found.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.