The VLC development team introduced a new version of its ‘Goldeneye’ branch.
This release bridges the gap between version 1.0.5 and the upcoming 1.1.0 VLC release.
It fixes several vulnerabilities which were uncovered during the development of VLC 1.1.0. It also introduces a number of additional fixes.
VLC media player suffers from various vulnerabilities when attempting to parse malformatted or overly long byte streams. If successful, a malicious third party could crash the player instance or perhaps execute arbitrary code within the context of VLC media player. Exploitation of those bugs requires the user to explicitly open specifically crafted malicious files.