A remote user can create specially crafted MKV files that, when loaded by the target user, will trigger a double free in zlib_decompress_extra() (demux/mkv/utils.cpp). If successful, a malicious third party could trigger either a crash of VLC or arbitrary code execution with the privileges of the target user.
Tag: videolan
ASA-2019-00355 – VLC: Buffer overflow in libavi_plugin memmove() call
When parsing an invalid AVI file, a buffer overflow might occur leading to an out-of-bounds read.