VideoLAN has released a security advisory to address multiple vulnerabilities in the VLC Media Player. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
According to a VideoLAN advisory, the flaws occur when the media player attempts to parse malformatted or overly long byte streams.
“If successful, a malicious third party could crash the player instance or perhaps execute arbitrary code within the context of VLC media player,” the open-source warned.
Exploitation of these vulnerabilities requires the user to explicitly open specifically crafted malicious files.
* Read the full advisory [videolan.org]