VLC Media Player is one of the most popular media players, next to Windows Media Player and MPlayer frontends. High popularity usually has the downside that criminals try to find and exploit security vulnerabilities in the software or service. Several of the most recent VLC updates were, or included, security updates that fixed previously discovered security vulnerabilities in the application.
The developers of VLC released a new version of the program yesterday that patches another security vulnerability.
It took the VLC team less than five days to fix the vulnerability which was first disclosed on April 7. The security advisory on the Videolan web page describes the issue as a heap-based buffer overflow in the mp4 demuxer.
Workarounds have been posted on the same page, but they are no longer necessary because the issue is fixed by the VLC update to version 1.1.9.
The built-in update checker does not seem to recognize the new update yet, which means that VLC users need to download the update from the homepage of the project to install the program update manually. Downloads for all supported operating systems are available on this page.
You can verify the version of VLC by clicking on Help > About in the program interface, or with the keyboard shortcut Shift-F1.
If you see VLC Media Player 1.1.8 there, you need to update the software. Manual update checks are available via Help > Check for Updates. It is likely that the developers will enable automatic updates soon.
VLC 1.1.9 also includes an update for libmodplug, which is security-related as well.