Users of the popular open source media player VLC could be susceptible to two memory corruption flaws affecting some versions of the software running on Windows XP.
Turkish researcher Veysel Hatas discovered the vulnerabilities in VLC 2.1.5 in November and reported them to VideoLAN, the VLC project’s developers, on 26 December, before publishing the findings on 9 January after they weren’t fixed.
Hatas rated the severity of both flaws as “high”. They were posted on Full Disclosure last week.
“VLC Media Player contains a flaw that is triggered as user-supplied input is not properly sanitized when handling a specially crafted M2V file,” Hatas said of the second bug. “This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.”
VideoLAN told TechWeekEurope that the bugs described are NOT VLC vulnerabilities, that they have already been fixed upstream, and that most Linux distributions have already fixed them. It added that VLC 2.2.0-rc2 already fixes the issue for Windows and OS X, and claimed the issue was not exploitable.
“The reporter was notified, and did not care,” said the organisation.