The VideoLAN Forums

Discussion and support for VLC media player and friends

Skip to content

Outdated libmodplug Vulnerability in 1.1.8

For questions and discussion that is NOT (I repeat NOT) specific to a certain Operating System.
Post Reply
zarathustra2k1
New Cone
New Cone
Posts: 7
Joined: 14 Oct 2009 20:04
VLC version: 2.2.4 Granny
Operating System: Win 7 Ultimate
Location: Nr. Stonehenge
Contact:
Contact zarathustra2k1

Outdated libmodplug Vulnerability in 1.1.8

Postby zarathustra2k1 » 10 Apr 2011 03:54

A critical zero-day vulnerability has been discovered in VLC media player and can potentially be exploited to execute arbitrary code on a user's system.
http://news.softpedia.com/news/VLC-Medi ... 4016.shtml

Will 1.1.9 have libmodplug 0.8.8.2? I'm currently disabling all VLC browser plugins until so.

Your thoughts please.
If Tyranny and Oppression come to this land, it will be in the guise of fighting a foreign enemy - US President James Madison
Top
Rémi Denis-Courmont
Developer
Developer
Posts: 15317
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:
Contact Rémi Denis-Courmont

Re: Outdated libmodplug Vulnerability in 1.1.8

Postby Rémi Denis-Courmont » 10 Apr 2011 09:17

There is no answer to that question. VLC versions identify uniquely a VLC source code release. The VLC source code does not contain libmodplug. So VLC version numbers cannot be matched 1:1 to a version of libmodplug or any other library.

In particular:
  • some VLC builds use libmodplug from the operating system, whatever version that it provides,
  • some VLC builds are statically linked to libmodplug 0.8.8.2,
  • some builds are staticallyl inked to an older/buggy version (0.8.8.1, 0.8.7, etc),
  • some builds don't support libmodplug at all.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded
Top
Jean-Baptiste Kempf
Site Administrator
Site Administrator
Posts: 37523
Joined: 22 Jul 2005 15:29
VLC version: 4.0.0-git
Operating System: Linux, Windows, Mac
Location: Cone, France
Contact:
Contact Jean-Baptiste Kempf

Re: Outdated libmodplug Vulnerability in 1.1.8

Postby Jean-Baptiste Kempf » 10 Apr 2011 11:04

A critical zero-day vulnerability has been discovered in VLC media player and can potentially be exploited to execute arbitrary code on a user's system.
http://news.softpedia.com/news/VLC-Medi ... 4016.shtml

Will 1.1.9 have libmodplug 0.8.8.2? I'm currently disabling all VLC browser plugins until so.

Your thoughts please.
ftp://ftp.videolan.org/pub/videolan/tes ... 1-modplug/
Jean-Baptiste Kempf
http://www.jbkempf.com/ - http://www.jbkempf.com/blog/category/Videolan
VLC media player developer, VideoLAN President and Sites administrator
If you want an answer to your question, just be specific and precise. Don't use Private Messages.
Top
zarathustra2k1
New Cone
New Cone
Posts: 7
Joined: 14 Oct 2009 20:04
VLC version: 2.2.4 Granny
Operating System: Win 7 Ultimate
Location: Nr. Stonehenge
Contact:
Contact zarathustra2k1

Re: Outdated libmodplug Vulnerability in 1.1.8

Postby zarathustra2k1 » 10 Apr 2011 23:30

Thank you for the information.
If Tyranny and Oppression come to this land, it will be in the guise of fighting a foreign enemy - US President James Madison
Top
Post Reply

Return to “General VLC media player Troubleshooting”

Who is online

Users browsing this forum: No registered users and 58 guests

Powered by phpBB® Forum Software © phpBB Limited
GZIP: On