VLC patches multiple security flaws, two critical



There are many options out there for media playback, we’ve come a long way since Windows Media Player and Quicktime.  Alternatives abound, and some of them quite compelling.

Take the Video Lan Client, better known to everyone as VLC, which is capable playing almost any format a user can throw at it. Like any software, however, there are always bugs, and sometimes security holes  that could allow bad things to happen to good people.

VLC is issuing a number of security fixes, 33 of them to be exact, designed to keep your system healthy. Two of these are considered critical, designed to patch an out-of-bound write vulnerability and a stack-buffer-overflow bug.

According ThreatPost “Details are scant on the two high-severity bugs and how they could be exploited. Impacted is VLC 3.0.7 and the EU-FOSSA release of the player, along with code tied to the upcoming 4.0 release of the player.”

The high number of patches comes on the heels of a new bug bounty program started by the European Commission on January 7, 2019.

The updates are being pushed out so users shouldn’t need to do anything except wait, and actually, you may already have it.