Gentoo Linux Security Advisory 201411-1 - Multiple vulnerabilities have been found in VLC, the worst of which could lead to user-assisted execution of arbitrary code. Versions less than 2.1.2 are affected.
dc80967f563bbb7cad25daadf72cf12d774e1d368369c73dbb4cb2d0f6afafb2
Debian Linux Security Advisory 2211-1 - Ricardo Narvaja discovered that missing input sanitizing in VLC, a multimedia player and streamer, could lead to the execution of arbitrary code if a user is tricked into opening a malformed media file.
e073d46b4829b171e82673b95ad61f5320339eabeacacf28e5154686cc313d17
This Metasploit module exploits VLC media player when handling a .AMV file. By flipping the 0x41st byte in the file format (video width/height), VLC crashes due to an invalid pointer, which allows remote attackers to gain arbitrary code execution. The vulnerable packages include: VLC 1.1.4 VLC 1.1.5 VLC 1.1.6 VLC 1.1.7.
ad3457b33c1e4c43e6d0a896791081f60a3443611181ae8b714619e73cacfa19
Core Security Technologies Advisory - Two vulnerabilities have been found in VLC media player, when handling .AMV and .NSV file formats. These vulnerabilities can be exploited by a remote attacker to obtain arbitrary code execution with the privileges of the user running VLC. Versions 1.1.4 through 1.1.7 are affected.
8be83321208dda4d6d31da8ff809448217d99f09c95ce0362ee9c5369cec08f6