VLC media player versions 0.7.0 to 0.8.6 suffer from a Format String security vulnerability in the CDDA and VCDX modules. Refer to our advisory for technical details. An updated release of VLC is available now, which also improves the Fullscreen Controller on Mac OS X. We strongly recommend all users to update to this new version.