Just a few days after the VLC developers fixed a vulnerability in the popular VLC video player, a new critical security vulnerability in the processing of .mkv files became public. By opening specially crafted .mkv files, the computer can be infected with a Trojan, for example. The files don’t need the .mkv extension necessarily as VLC tries to find the appropriate demultiplexing routines automatically.
A fix is already available in the source code repositories – but a new installation version which isn't affected by the flaw is not yet ready. Until then, don’t open files from untrusted sources with VLC!
Via Avira – TechBlog
Again critical vulnerability in VLC
VideoLAN Security Advisory 1102
Older Advisory ( December 2010 )
VideoLan has issued a security advisory for VLC Media Player.