December 4, 2016

VideoLan Project Releases VLC Security Fix Release

(LiveHacking.Com) – VideoLAN and the VLC development team have released VLC 1.1.12 to fix bugs and a security issue while adding improvements to the audio output on Mac OS X and with PulseAudio.

The security issue fixed in this release is a NULL dereference vulnerability that causes a crash that occurrs when an invalid URL was processed by the HTTP and RTSP server components. If successful, a malicious third party could crash the server process, however arbitrary code execution is not believed possible.

For the vulnerability to be exploited the user has to explicitly start the HTTP web interface, HTTP output, RTSP output or RTSP VoD functions.

Other changes between 1.1.11 and 1.1.12:

  • Mac OS X / auhal: multiple fixes for the Digital Audio output (S/PDIF) including support for OS X Lion
  • Multiple fixes and improved synchronization for PulseAudio support
  • Support for AC-3 and DTS passthrough with PulseAudio 1.0
  • Fix crashes with Japanese locale on OS X
  • Minor fixes for Webplugin under Win32, AVI demuxer, smem and AudioScrobbler

VLC 1.1.12 is available for download from the project’s web site

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks