This morning, VLC, Mplayer, and other popular media players were discovered to have a critical vulnerability bug.
According to TechNadu, the research company CISCO Talos identified the bug, found in streaming media RTSP server which is found in the media players. Although the developers of the media players already know about the bug, they’ve still highly encouraged users to download patches and the newest versions of the software immediately in order to combat the threat. You can get the latest version of VLC here:
Lillith Wyatt, a security researcher for CISCO Talos detailed what the vulnerability means in a blog post, saying:
“An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.”
Although all of the media players that could have been slammed with this bug haven’t yet been identified, many developers also recommend that you update your imaging hardware as the bug affects firmware in cameras used for streaming, as well.
VLC is an extremely popular media player worldwide. Even though the discovery of the bug was met with quick action by developers, VLC is also known to have had problems with security in the past and could do well to re-evaluate everything put into their player.