With VLC being the standard media player in the current LTS release (and unfortunately even a hard dependency of ubuntu-mate-desktop), the following unfixed security issue(s) should be brought to the attention of its users: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1693893
Due to Ubuntu’s VLC being community-maintained, this bug is in state “incomplete” with no indication of if/when a fix will be made available.
For now I just removed any VLC files that could be related to subtitles from /usr/lib/vlc/plugins:
- codec/libcvdsub_plugin.so
- codec/libdvdsub_plugin.so
- codec/libsubsdec_plugin.so
- codec/libsubstx3g_plugin.so
- codec/libsubusf_plugin.so
- codec/libvcdsub_plugin.so
- demux/libsubtitle_plugin.so
- demux/libvobsub_plugin.so
- video_filter/libsubdelay_plugin.so