Again critical vulnerability in VLC

Just a few days after the VLC developers fixed a vulnerability in the popular VLC video player, a new critical security vulnerability in the processing of .mkv files became public. By opening specially crafted .mkv files, the computer can be infected with a Trojan, for example. The files don’t need the .mkv extension necessarily as VLC tries to find the appropriate demultiplexing routines automatically.

A fix is already available in the source code repositories – but a new installation version which isn’t affected by the flaw is not yet ready. Until then, don’t open files from untrusted sources with VLC!

Dirk Knop
Technical Editor