vlc is vulnerable to arbitrary code execution. A heap-based buffer overflow in the hxxx_AnnexB_to_xVC
function in modules/packetizer/hxxx_nal.c
allows a remote attacker to cause a denial of service (application crash) or execute arbitrary code via a malicious H.264 Annex-B video (.avi for example) file.