Stephen Withers
Monday, 14 July 2008 07:52
Users of the open source VLC media player should download version 0.8.6i to avoid a serious vulnerability in previous releases.
According to a security advisory released by the VideoLAN project, a maliciously crafted WAV file could either crash VLC or cause the execution of arbitrary code.
In common with so many vulnerabilities that can be exploited through media files, this is another buffer overflow problem.
Version 0.8.6i plugs this hole by adding "further sanity checks to the RIFF WAVE demuxers", according to the advisory.
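What sanity checks on chunk sizes in a RIFF WAVE parser can look like, as an added example: this is not VLC's code and not a reconstruction of the flaw, which the article does not detail. The function names, the 8-channel cap and the sample header are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>
struct wav_fmt { uint16_t format, channels, bits; uint32_t rate; };
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (uint32_t)le16(p + 2) << 16; }

/* Returns 0 and fills *out, or -1 if a length or field fails a sanity check. */
int wav_parse_fmt(const uint8_t *buf, size_t len, struct wav_fmt *out)
{
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4)) return -1;
    size_t pos = 12;                          /* invariant: pos <= len */
    while (len - pos >= 8) {                  /* room for chunk id + size */
        const uint8_t *id = buf + pos;
        uint32_t size = le32(buf + pos + 4);
        pos += 8;
        if (size > len - pos) return -1;      /* declared size overruns the data */
        if (memcmp(id, "fmt ", 4) == 0) {
            if (size < 16) return -1;         /* too short for the PCM fields */
            out->format   = le16(buf + pos);
            out->channels = le16(buf + pos + 2);
            out->rate     = le32(buf + pos + 4);
            out->bits     = le16(buf + pos + 14);
            /* Assumed cap of 8 channels so later code can size arrays safely. */
            return (out->channels == 0 || out->channels > 8 || out->rate == 0) ? -1 : 0;
        }
        pos += size;
        if ((size & 1) && pos < len) pos++;   /* chunks are padded to even length */
    }
    return -1;                                /* no fmt chunk found */
}

/* Constructed sample header: PCM, 2 channels, 44100 Hz, 16 bit. */
static const uint8_t sample[36] = { 'R','I','F','F', 28,0,0,0, 'W','A','V','E',
    'f','m','t',' ', 16,0,0,0, 1,0, 2,0, 0x44,0xAC,0,0, 0x10,0xB1,2,0, 4,0, 16,0 };

/* Parse the sample after overwriting the fmt chunk's declared size. */
int parse_with_fmt_size(uint32_t size, struct wav_fmt *out)
{
    uint8_t buf[sizeof sample];
    memcpy(buf, sample, sizeof buf);
    for (int i = 0; i < 4; i++) buf[16 + i] = (uint8_t)(size >> (8 * i));
    return wav_parse_fmt(buf, sizeof buf, out);
}

/* Exit 0 when the valid header parses and an oversized chunk is rejected. */
int main(void)
{
    struct wav_fmt f;
    return !(parse_with_fmt_size(16, &f) == 0 && parse_with_fmt_size(0xFFFFFFF0u, &f) == -1);
}
```

Comparing the declared size against `len - pos`, rather than adding it to `pos` first, keeps the check itself from overflowing.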
The new release also features a number of miscellaneous bug fixes, affecting aspects such as VCD input, SAP services discovery and the HTTP control interface.
VLC is popular for a variety of reasons. Apart from being cross-platform (Windows, Mac OS X, Linux and other operating systems including BeOS and Solaris), it handles a wide variety of content types without requiring add-on codecs, and ignores region codes when playing back DVDs.
Download VLC here.