vlc is vulnerable to information disclosure. The vulnerability exists due to a buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player which allows attackers to cause an out-of-bounds read via a crafted .avi file.