In general, the open source VLC media player program is safe to run on your system; however, certain malicious media files may try to use bugs in the program to take control of your computer. To protect yourself while using VLC, only use it to open trustworthy files, and keep the program updated to the most recent version.
Video files that contain malicious programming code can adversely affect the VLC player's operation. The software's developer, VideoLAN, has, in the past, reported several vulnerabilities in the program. These vulnerabilities were the result of bugs that occurred when a user tried to open certain types of video files in VLC. Although the bugs were not dangerous in and of themselves, they provided a possible opportunity for malicious files to attack the user's computer.
Most malicious files that can attack the VLC player are relatively harmless. The majority of these malicious files can, at worst, crash the VLC program; this may be annoying but is unlikely to damage your system. Other vulnerabilities, though, have possibly allowed malicious files to execute program code, which could theoretically enable the attacker to control VLC and even the entire operating system. You might not even have to download a file in order for it to attack your system: certain malicious files can exploit vulnerabilities in the VLC Web browser plug-ins.
To protect your system from malicious video files that may attack VLC, only download media files from trusted sources. Video files downloaded from peer-to-peer file sharing networks, for example, are much more likely to be malicious than those downloaded from a reputable video website. Even audio files can be malicious: VideoLAN has reported VLC vulnerabilities involving WAV audio files and CD audio tracks.
To prevent malicious code from attacking your computer through VLC, update the program regularly. When a program update becomes available, VLC notifies you with a pop-up box when you launch the program. You can also check for updates from the program's "Help" menu. Check VideoLAN's security advisories regularly for any vulnerabilities that appear between updates. Only download the VLC player from the official download website at VideoLAN.org: downloading from other sources may expose your computer to malware.