Which vlc version is *secure* ?

Asked by 164747 on 2008-07-23

Hi,

considering bugs such as https://bugs.launchpad.net/ubuntu/intrepid/+source/vlc/+bug/238873 . Is it safe to use vlc? I sometimes get strange crashes with vlc looking at downloaded files from untrusted sources. At one time I got a crash that permanently removed sound from the system with complete re-install as only left option.

Regarding vlc 0.8.6e and "specially crafted media that completely or partially overtakes my system upon opening". Which is true:

a) This is only a theorethical idea, they __could__ exist but in practise it is totally unrealistic
b) It would (mabye after some effort) straight forward for a skilled vlc-knowing-person to construct such a media.
c) There are existing such medias.

If b) or c), should I regard any computer that I have used vlc on unknown-source-media as completely in the hand of a hacker (hence all passwords/info that has passed through this computer should also be considered to be in the hands of the hacker). If NO, why not.

How about other versions of vlc.

Best Regard
David Jacquet

Remark
*if vlc cannot be used to view untrusted media, its usability drops by 99%.
*Is this not this like a dream opportunity for copyright protectors, upload
 infected medias on the internet and gain complete (or at least user level)
 control of every computer that is used to open the media.

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu vlc Edit question
Assignee:
No assignee Edit question
Last query:
2008-07-23
Last reply:
2008-07-25
Michael Nagel (nailor) said : #1

i'd say the newer the version the better. you'll never get 100% security, but this is true for every single program out there. right now i would not consider it insecure to use vlc. you can use mplayer, gstreamer/totem, ... but they have/had/will have their problems, too.

Can you help with this problem?

Provide an answer of your own, or ask 164747 for more information if necessary.

To post a message you must log in.