CVE-2011-0021
Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.
Date published : 2011-01-25
http://www.securityfocus.com/bid/45927
http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2