The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.
git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e
marc.info/?l=oss-security&m=136593191416152&w=2
marc.info/?l=oss-security&m=136610343501731&w=2
secunia.com/advisories/59793
trac.videolan.org/vlc/ticket/8024
www.osvdb.org/89598
www.securityfocus.com/bid/57333
www.videolan.org/security/sa1302.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023