Comment 4 for bug 1020403

CVE-2012-3377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3377):
  Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG
  demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2
  allows remote attackers to cause a denial of service (application crash) and
  possibly execute arbitrary code via a crafted OGG file.