VideoLAN recently published a security advisory warning of a buffer overflow vulnerability in versions 2.0.5 and earlier of VLC Media Player, which might be exploited to execute arbitrary code. This vulnerability was reported by Debasish Mandal.
![The Hacker News](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisyP7uYmS7e5etU3-BV7z29t5yYaMJ6fCj11X0FyRwPk2C4md1_RDZuF6puI3RQY7ZuLJsEiwdWI5esoS4TXfTRuDVfh07veDLiJ5WIYb1l85rMSIJ99IhQFPB7FhajSuZcm89WWh18Hc/s728-rw-e365/Buffer+Overflow+vulnerability+in+VLC+media+player.png)
Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.
VideoLAN advises users to refrain from opening files from untrusted locations and to disable the VLC browser plug-ins until the issue is patched. A patch will be included in VLC 2.0.6, the next version of the media player, which is currently available only for testing purposes.