macworld news antenna

Critical vulnerability found in VLC Media Player

The problem, which Secunia has described as “very critical”, affects version 0.8.6h for Windows. Secunia has indicated in a bulletin that version 0.8.6i should be released shortly.

The bug is an integer overflow error that could be used to cause a buffer overflow in the memory “heap”, a type of problem related to the way the application reserves memory. Secunia has indicated that the problem can be exploited using a manipulated “.wav” sound file and that it would allow an attacker to execute arbitrary code on the PC.
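The bug class described above, as an added illustration that is not VLC's code and not from Secunia's bulletin: a size field read from a file is used in 32-bit arithmetic that wraps, so the allocation ends up smaller than the data copied into it. The RIFF-style chunk layout is the generic one, and `PAD_BYTES`, the function names and the sample bytes are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PAD_BYTES 8u  /* hypothetical: extra bytes the parser adds to each buffer */

/* Flawed pattern: 32-bit addition wraps, so a huge size field yields a tiny buffer. */
uint32_t alloc_size_unchecked(uint32_t chunk_size) {
    return chunk_size + PAD_BYTES;          /* 0xFFFFFFFC + 8 wraps to 4 */
}

/* Hardened pattern: reject sizes that exceed the remaining input or would wrap. */
int alloc_size_checked(uint32_t chunk_size, size_t bytes_left, size_t *out) {
    if (chunk_size > bytes_left) return -1;
    if (chunk_size > UINT32_MAX - PAD_BYTES) return -1;
    *out = (size_t)chunk_size + PAD_BYTES;
    return 0;
}

static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy one RIFF-style chunk (4-byte tag, 4-byte little-endian size, payload) to the
   heap. Returns the payload length, or -1 if the chunk is rejected. */
long copy_chunk(const unsigned char *buf, size_t len) {
    size_t need;
    if (len < 8) return -1;
    uint32_t chunk_size = le32(buf + 4);
    if (alloc_size_checked(chunk_size, len - 8, &need) != 0) return -1;
    unsigned char *dst = calloc(1, need);
    if (dst == NULL) return -1;
    memcpy(dst, buf + 8, chunk_size);       /* safe: chunk_size <= len - 8 and < need */
    free(dst);
    return (long)chunk_size;
}

/* Constructed sample chunks, not taken from any real file. */
static const unsigned char benign[]  = { 'd','a','t','a', 4,0,0,0, 1,2,3,4 };
static const unsigned char hostile[] = { 'd','a','t','a', 0xFC,0xFF,0xFF,0xFF, 1,2,3,4 };

long demo_benign(void)  { return copy_chunk(benign,  sizeof benign);  }
long demo_hostile(void) { return copy_chunk(hostile, sizeof hostile); }

int main(void) {
    return (demo_benign() == 4 && demo_hostile() == -1) ? 0 : 1;
}
```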

VLC Media Player is a free, open source program released under the GNU General Public License by the VideoLAN project. The player is compatible with MPEG-1, MPEG-2, MPEG-4, DivX, MP3 and OGG video files, among others.