The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and
other versions up to and including 1.1.15, relies on an untrusted input length
value to “reindex into an allocated buffer,” which allows remote attackers
to cause a denial of service (crash) via a crafted value, probably an array
index error.
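
The bug class described above, as an added C example that is not xine-lib's code: a value read from untrusted input is used to index into an allocated buffer, shown unchecked and with the bounds check that rejects a crafted value. The header layout, function names and sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header layout (constructed for this example, not the
 * RealMedia format): a 4-byte big-endian index into a data buffer. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unchecked pattern: the value from the file is trusted and used as an
 * index. Any value >= buf_len accesses memory outside the allocation. */
int read_at_unchecked(const uint8_t *buf, size_t buf_len, const uint8_t *hdr)
{
    (void)buf_len;                 /* size is known but never consulted */
    return buf[be32(hdr)];
}

/* Checked pattern: reject the header unless the index lies inside the
 * buffer. Returns the byte (0..255), or -1 for a rejected header. */
int read_at_checked(const uint8_t *buf, size_t buf_len, const uint8_t *hdr)
{
    uint32_t idx = be32(hdr);
    if (buf == NULL || (size_t)idx >= buf_len)
        return -1;
    return buf[idx];
}

/* Range variant: an (offset, length) pair must fit entirely inside the
 * buffer. Subtracting instead of adding avoids integer wrap-around. */
int range_in_bounds(size_t buf_len, uint32_t off, uint32_t len)
{
    return (size_t)off <= buf_len && (size_t)len <= buf_len - (size_t)off;
}

int main(void)
{
    /* Constructed sample data: 8-byte buffer, one valid and one crafted header. */
    const uint8_t buf[8]  = {10, 11, 12, 13, 14, 15, 16, 17};
    const uint8_t ok[4]   = {0x00, 0x00, 0x00, 0x03};
    const uint8_t bad[4]  = {0xff, 0xff, 0xff, 0xff};

    printf("valid header   -> %d\n", read_at_checked(buf, sizeof buf, ok));
    printf("crafted header -> %d\n", read_at_checked(buf, sizeof buf, bad));
    return 0;
}
```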