Developers of the VLC media player have released a new version that takes care of several bugs and adds other improvements. The latest version is now 1.1.3, which repairs a memory corruption problem in the TagLib plug-in that is rated as "critical" and affected VLC versions 0.9.0 through 1.1.2.
The vulnerability could be exploited by an attacker to crash the application or execute arbitrary code by tricking a user into opening a malware-laden media file, according to an advisory from Vupen Security. VideoLan, which is a group of developers who created VLC, characterised the latest release as minor. Other changes include updated translations for Dutch, Sinhala, Hebrew, Estonian and Spanish.
The VLC media player is part of the VideoLAN project, which was started as a student project at the French École Centrale Paris, and now developers from 20 countries contribute to it, according to its website.
The player is free, and it is released under the GNU General Public Licence. It can handle video files in MPEG-1, MPEG-2, MPEG-4, DivX, MP3, and OGG formats, among others, and play DVDs.
VLC can also be used as a streaming media server for a variety of platforms. VLC has been downloaded up to 176 million times, according to the project's Web site.