https://threatpost.com/high-risk-vlc-media-player-bugs/147503/ shows attacks with carefully crafted video files.
Can I protect my local users against this?
I imagine the attack will abuse the file format, so my hope is that, I could ask my users to download the file into a checking dir, then run some sort of checker or repair tool on it to make sure it was OK. Possibly some ffmpeg
magic? Would ffmpeg copy
be enough?