Debian Linux Security Advisory 2218-1 - Aliz Hammond discovered that the MP4 decoder plugin of vlc, a multimedia player and streamer, is vulnerable to a heap-based buffer overflow. This has been introduced by a wrong data type being used for a size calculation. An attacker could use this flaw to trick a victim into opening a specially crafted MP4 file and possibly execute arbitrary code or crash the media player.
c8adbc06f6e2fd87eb7ffec3f0699e8fd5b855245664ee31d7e93046210c0e47