There's an article out on ZDNet about a new vulnerability found in VLC player:
The first security vulnerability, discovered on 24 November last year, is a flaw which is triggered as user-supplied input is not properly sanitized when handling a specially crafted FLV file. The second vulnerability, much the same, is triggered as user-supplied input is not properly sanitized when handling a specially crafted M2V file -- both of which may be malicious and lead to a "context-dependent attacker corrupting memory and potentially executing arbitrary code."
Considered severe, the flaws are present on version 2.1.5 of VLC media player, and were tested through Windows XP SP3. While this legacy operating system is no longer supported by Microsoft, many users worldwide have not yet updated and may be vulnerable.
The vulnerabilities were reported to the VideoLAN project on 26 December 2014, but no patch has been issued to fix the problem.
Personally, I stopped using VLC some years ago after a couple of updates left it with poor performance and as my media watching habits changed. But this is the second time I've heard of VLC in a negative context--apparently, it's also known for blowing out speakers, which is why having it installed along with Win7 can void a Dell speaker warranty.
Thoughts from the community?