Updated VLC Fixes Security Problems
Jun 19, 2007, 20:15 (0 Talkback[s])
(Other stories by Shirl Kennedy)
"Users of VideoLAN's VLC cross-platform media player are
strongly advised to upgrade to the just-released version 0.8.6c,
which fixes 'a security vulnerability in the CDDA, Vorbis, Theora
and SAP plugins.'
"In a security advisory about this issue--originally reported by
David Thiel of iSEC Partners--VideoLAN explained that 'Ogg/Vorbis,
Ogg/Theora, CDDA (CD Digital Audio) and SAP (Service Announce
Protocol) plugins are prone to a C-style format string
vulnerability when trying to parse a media data stream...'"