VLC Media Player 1.1.13 patched Buffer Overflow vulnerability

VLC has released version 1.1.13 to fix a security vulnerability in the TiVo demuxer.
About the Vulnerability:
When parsing the header of an invalid TY file, the heap might be corrupted. If successful, a malicious third party could crash the VLC media player process. Arbitrary code execution might be possible on some systems, though this is unconfirmed.

VLC media player 1.1.13 addresses this issue. Patches for older versions are available from the official VLC source code repository vlc-1.1.git.

Alternatively, the TY demux plugin (libty_plugin.*) can be removed manually from the VLC plugin installation directory. This will prevent opening of TiVo files.
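
For systems that cannot be upgraded right away, the manual workaround above can be scripted. The following is an added example, not part of the VLC advisory; the plugin directory is passed as an argument because its location varies by platform, and the `.ty-disabled` quarantine directory name is an assumption.

```shell
#!/bin/sh
# Added example: quarantine the TY demux plugin (libty_plugin.*) so VLC
# can no longer load it. Files are moved, not deleted, so the change can be
# reverted after upgrading to 1.1.13.

# List every libty_plugin.* file below the given plugin directory.
find_ty_plugins() {
    find "$1" -type f -name 'libty_plugin.*' 2>/dev/null
}

# Usage: disable_ty_plugin PLUGIN_DIR [QUARANTINE_DIR]
# Returns 0 when no TY plugin remains under PLUGIN_DIR,
#         1 when a move failed, 2 when PLUGIN_DIR is not a directory.
disable_ty_plugin() {
    plugin_dir=${1%/}
    # Default quarantine is a sibling directory (assumed name), kept outside
    # the plugin tree so a recursive plugin scan does not pick it up again.
    quarantine=${2:-"$plugin_dir.ty-disabled"}

    if [ ! -d "$plugin_dir" ]; then
        echo "not a directory: $plugin_dir" >&2
        return 2
    fi
    mkdir -p "$quarantine" || return 1

    # Print each match, then move it out of the plugin tree.
    find "$plugin_dir" -type f -name 'libty_plugin.*' \
        -print -exec mv {} "$quarantine/" \; || return 1

    # Verify the mitigation: nothing matching may remain.
    [ -z "$(find_ty_plugins "$plugin_dir")" ]
}

# Run directly as: sh disable_ty.sh /path/to/vlc/plugins
if [ "$#" -gt 0 ]; then
    disable_ty_plugin "$@"
fi
```

After running it, TiVo files will no longer open, which is the expected effect of the workaround.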

