VideoLAN recently announced the release of version 1.1.12 of its VLC Media Player.
"The maintenance and security update addresses a NULL dereference vulnerability in the HTTP and RTSP server component used by VLC which could be exploited by an attacker to crash the server process," The H Security reports.
"For an attack to be successful, a victim must have started VLC server and manually started the HTTP web interface, HTTP output, RTSP output or RTSP VoD functions," the article states.
Go to "VLC Media Player 1.1.12 closes security hole" to read the details.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.