[vlc-devel] VLC 1.1.11 coming

Jean-Baptiste Kempf jb at videolan.org
Sat Jul 9 12:43:00 CEST 2011

On Sat, Jul 09, 2011 at 10:54:23AM +0300, Rémi Denis-Courmont wrote :
> 1/ What is that vulnerability? The only hit I get is some 2010 stuff which was 
> fixed 11 months ago.

This one is a new one. JBme 3.0 is a new vulnerability triggered with
PDF reading.

> 2/ Does MacOS not have FreeType if iOS does? If so, why does VLC for MacOS X 
> ship its own FreeType?
No idea. I think this is different between X.5 and X.6.

> 3/ Is it really a _security_ issue for VLC? If it requires the admin or the 
> user to install a corrupt font, it's a arguably a case of the user hacking his 
> own system. This is a problem for iOS, but not for VLC. Do we support fonts 
> embedded in media files?

Last time, the issue was triggerable in VLC, tested and verified on VLC
for Win32.
And, yes we do support fonts in media files. See fonts attached in MKV.

Best Regards,

Jean-Baptiste Kempf
http://www.jbkempf.com/ - +33 672 704 734
Sent from my Electronic Device

More information about the vlc-devel mailing list