VLC is a very popular video player that can play all types of media formats without downloading any codec packs. But users should take care updating their media player in order to avoid security risks. Why this is important is that we normally don’t take care to updates such software products unlike our operating system or virus definition files.
Users of earlier versions of VLC media player (VLC Media Player 220.127.116.11 and earlier) should refrain from opening files from untrusted third parties or accessing untrusted remote sites due to a critical security vulnerability issue in the processing of .mkv files. VLC media player 1.1.7 addresses this issue. Patches for older versions are available from the official VLC source code repositories.
Find more details here.