The VideoLAN project team have released VLC 1.1.9, just two weeks after the release of V1.1.8, to fix two important security flaws. As we reported here and here, two vulnerabilities have been found in VLC recently, one in the libmodplug plugin and the other in the MP4 demultiplexer. In both cases an attacker would have needed to convince a user to open a specially crafted file to exploit the weaknesses.
According to the CHANGELOG, V1.1.9 is a minor release, focused on security issues and bugfixes:
- Fix a heap corruption in MP4 demultiplexer
- Update of libmodplug in binaries to fix a security issue
- Many OS X layout and look fixes
- Update of translations and scripts
VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVD, Audio CD, VCD, and various streaming protocols. V1.1.9 can be downloaded here.