There are two memory corruption vulnerabilities in some versions of the VLC open-source media player that can allow an attacker to run arbitrary code on vulnerable machines.

Neither one of the vulnerabilities has been fixed by VideoLAN, the organization that maintains VLC. Security researcher Veysel Hatas reported the vulnerabilities to VideoLAN in December and published the advisories on Full Disclosure on Friday. One of the bugs is a DEP access violation vulnerability and the other is is a write access flaw.

The link for this article located at ThreatPost is no longer available.