VLC Media Player TiVo Demuxer Double Free Vulnerability (Mac OS X)

Summary
This host is installed with VLC Media Player and is prone to double free vulnerability.
Impact
Successful exploitation will allow an attacker to crash an affected application and denying service to legitimate users. Impact Level: Application
Solution
Upgrade VLC media player to 1.1.13 or later, For updates refer to http://www.videolan.org/vlc/
Insight
The flaw is due to a double-free error within the 'get_chunk_header()' function in 'modules/demux/ty.c' of the TiVo demuxer when opening a specially crafted TiVo (*.ty) file.
Affected
VLC media player version 0.9.0 to 1.1.12 on Mac OS X
References