DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
June 27, 2019 
Main Menu
News archives

Who's Online
There are currently 201 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

Two nasty exploits found in VLC Media Player core library

Posted on Tuesday, January 20 2015 @ 15:16:43 CET by

VLC logo
A Turkish security researcher discovered two vulnerabilities in the library code used by VLC Media Player and other software. The bugs can lead to arbitrary code execution but despite the severity the risk seems somewhat limited as the exploit requires specially crafted FLV or M2V file and most users rarely come into contact with these file types.

The bugs were reported to VLC's developers on December 26, 2014 but the fix hasn't reached the latest stable version of VLC yet.
VLC's developers, Videolan Software, were informed of the flaws on Boxing Day and had not issued fixes for the latest stable version, 2.1.5, by the time of disclosure 9 January. Version 2.2.0-rc2, available to testers, is not vulnerable, according to the VLC project's bug tracker.

The developers have been contacted for comment. Judging by entries in the VLC bug tracker, here and here, the flaws lie within libavcodec, a core component of the video player. This library is also used by MPlayer and other open-source software.
Source: The Register



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba