VLC 2.0.2 “Twoflower”, which is being called “an important update”, has been released by the VLC project team. It fixes a series of regressions in the 2.0.x branch of VLC, fixes a couple of security vulnerabilities, and adds support for Apple’s Retina Display (HiDPI) on the new MacBook Pros.
According to the release page, 2.0.2 fixes a couple of hundred bugs and adds more than 500 commits on top of 2.0.1. These fixes include:
- Fix video output for old graphics cards on Windows XP that use DirectX
- Fix video output on old Macs, notably PowerPC and GMA950 Intel Macs
- Fixes for playback of split RAR, segmented MKV, MP4 and Real media files
- Fixes for subtitles auto-detection
- Fixes on Qt, skins2 and web interfaces
- Fixed crash when trying to open an Audio CD by drag & drop
- Fixed a crash when attaching hard drives with multiple partitions while VLC is running
According to a blog post by VLC developer Felix Kühne, VLC 2.0.2 also includes the following security content:
- Fixed Ogg heap buffer overflow
- Updated taglib (CVE-2012-2396)
CVE-2012-2396 describes how VLC 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a specially crafted MP4 file. More details on this can be found here, where an exploit and PoC are given.