In early June the open source media player VLC created by the VideoLAN non-profit organization was updated to version 2.2.4.
This update is available for Linux, Apple Mac OS X and Windows. It addresses 2 security issues mentioned here (1x VLC issue and a 3rd party library issue detailed in this security advisory). This update is available for download for the above operating systems from this page.
One other noteworthy addition is that when VLC 3.0 is released it will feature High Entropy ASLR (Address Space Layout Randomization (defined)). I have discussed HEASLR on this blog before and it’s an excellent security measure/control/mitigation (defined). Further information on HEASLR can be found on Alex Ionescu’s blog. I will be very pleased to see it present in this upcoming version.
If you use VLC, please update as soon as possible to address the above mentioned security vulnerabilities as well as the general software bugs that were resolved.