Tuesday, February 1, 2011

Vulnerabilities In VLC Player

The VideoLAN project has released a new version of its VLC media player. Version 1.1.7 fixes two vulnerabilities:
- When parsing an invalid CDG file, insufficient boundary checks might lead to corruption of the heap. (advisory)
- When parsing an invalid MKV (Matroska or WebM) file, input validation is insufficient. (advisory)

The first vulnerability affects VLC Player version 1.1.5 and the second one version 1.1.6.1 and earlier.

At the time of writing, version 1.1.7 is not yet available on the download page. However, it can be downloaded manually from the VLC FTP archive.
