Developers of the VLC media player have released a new version that takes care of several bugs and adds other improvements.
The latest version is now 1.1.3, which repairs a memory corruption problem in the TagLib plug-in that is rated as “critical” and affected VLC versions 0.9.0 through 1.1.2.
The vulnerability could be exploited by an attacker to crash the application or execute arbitrary code by tricking a user into opening a malware-laden media file, according to an advisory from Vupen Security.