VLC released updated version 1.1.13 in order to fix the Security vulnerability in the TiVo demuxer.
About the Vulnerability:
When parsing the header of an invalid TY file, the heap might be corrupted.If successful, a malicious third party could crash the VLC media player process. Arbitrary code execution might be possible on some systems, though this is unconfirmed.
About the Vulnerability:
When parsing the header of an invalid TY file, the heap might be corrupted.If successful, a malicious third party could crash the VLC media player process. Arbitrary code execution might be possible on some systems, though this is unconfirmed.
Solution:
VLC media player 1.1.13 addresses this issue. Patches for older versions are available from the official VLC source code repository vlc-1.1.git.
Alternatively, the TY demux plugin (libty_plugin.*) can be removed manually from the VLC plugin installation directory. This will prevent opening of TiVo files.